[ { "path": ".delivery/project.toml", "content": "remote_file = \"https://raw.githubusercontent.com/chef-cookbooks/community_cookbook_tools/master/delivery/project.toml\"\n" }, { "path": ".editorconfig", "content": "# https://EditorConfig.org\n\n# top-most EditorConfig file\nroot=true\n\n# Unix-style newlines with a newline ending every file\n[*]\nend_of_line = lf\ninsert_final_newline = true\n\n# 2 space indentation\nindent_style = space\nindent_size = 2\n\n# Avoid issues parsing cookbook files later\ncharset = utf-8\n\n# Avoid cookstyle warnings\ntrim_trailing_whitespace = true\n" }, { "path": ".gitattributes", "content": "* text=auto eol=lf\n" }, { "path": ".github/CODEOWNERS", "content": "* @chef-cookbooks/windows-team\n" }, { "path": ".github/workflows/branchcleanup.yml", "content": "---\nname: Branch Cleanup\n# This workflow is triggered on all closed pull requests.\n# However the script does not do anything if a merge was not performed.\n\"on\":\n pull_request:\n types: [closed]\n\nenv:\n NO_BRANCH_DELETED_EXIT_CODE: 0\n GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}\n\njobs:\n build:\n runs-on: ubuntu-latest\n steps:\n - uses: jessfraz/branch-cleanup-action@master\n" }, { "path": ".github/workflows/delivery.yml", "content": "name: delivery\n\non: [push, pull_request]\n\njobs:\n delivery:\n\n runs-on: ubuntu-latest\n\n steps:\n - name: Check out code\n uses: actions/checkout@master\n - name: Run Chef Delivery\n uses: actionshub/chef-delivery@main\n env:\n CHEF_LICENSE: accept-no-persist\n" }, { "path": ".gitignore", "content": "*.rbc\n.config\nInstalledFiles\nlib/bundler/man\npkg\ntest/tmp\ntest/version_tmp\ntmp\n_Store\n*~\n*#\n.#*\n\\#*#\n*.un~\n*.tmp\n*.bk\n*.bkup\n\n# editor temp files\n.idea\n.*.sw[a-z]\n\n# ruby/bundler files\n.ruby-version\n.ruby-gemset\n.rvmrc\nGemfile.lock\n.bundle\n*.gem\ncoverage\nspec/reports\n\n# YARD / rdoc artifacts\n.yardoc\n_yardoc\ndoc/\nrdoc\n\n# chef infra stuff\nBerksfile.lock\n.kitchen\nkitchen.local.yml\nvendor/\n.coverage/\n.zero-knife.rb\nPolicyfile.lock.json\n\n# vagrant stuff\n.vagrant/\n.vagrant.d/\n" }, { "path": ".rubocop.yml", "content": "ChefModernize/WindowsZipfileUsage:\n Enabled: false\n\nLint/ShadowingOuterLocalVariable:\n Exclude:\n - 'libraries/registry_helper.rb'\n\nLint/UselessAssignment:\n Exclude:\n - 'libraries/registry_helper.rb'\n\nStyle/ClassVars:\n Exclude:\n - 'libraries/registry_helper.rb'\n\nStyle/IfInsideElse:\n Exclude:\n - 'libraries/powershell_helper.rb'\n" }, { "path": ".vscode/extensions.json", "content": "{\n \"recommendations\": [\n \"chef-software.chef\",\n \"rebornix.ruby\",\n \"editorconfig.editorconfig\"\n ]\n}" }, { "path": "Berksfile", "content": "source 'https://supermarket.chef.io'\n\nmetadata\n\ngroup :integration do\n cookbook 'test', path: './test/cookbooks/test'\nend\n" }, { "path": "CHANGELOG.md", "content": "# windows Cookbook CHANGELOG\n\nThis file is used to list changes made in each version of the windows cookbook.\n\n## 7.0.2 (2020-09-10)\n\n- Resolve a typo in the user_privilege resource - [@tas50](https://github.com/tas50)\n- Don't run delivery in Appveyor - [@tas50](https://github.com/tas50)\n\n## 7.0.1 (2020-09-10)\n\n- Remove testing of Windows 2008 R2 - [@tas50](https://github.com/tas50)\n- Cookstyle 6.2.9 Fixes - [@xorimabot](https://github.com/xorimabot)\n- Avoid deprcation warnings when using user_privilege resource on Chef >= - [@tas50](https://github.com/tas50)\n\n## Unreleased\n\n- resolved cookstyle error: libraries/registry_helper.rb:69:9 refactor: `ChefCorrectness/ChefApplicationFatal`\n- resolved cookstyle error: libraries/registry_helper.rb:232:9 convention: `Style/RedundantReturn`\n- resolved cookstyle error: libraries/registry_helper.rb:234:9 convention: `Style/RedundantReturn`\n- resolved cookstyle error: libraries/registry_helper.rb:244:9 convention: `Style/RedundantReturn`\n- resolved cookstyle error: libraries/registry_helper.rb:245:7 convention: `Style/EmptyElse`\n- resolved cookstyle error: libraries/registry_helper.rb:246:9 convention: `Style/RedundantReturn`\n- resolved cookstyle error: libraries/registry_helper.rb:272:9 convention: `Style/RedundantReturn`\n- resolved cookstyle error: libraries/registry_helper.rb:274:9 convention: `Style/RedundantReturn`\n- resolved cookstyle error: libraries/windows_helper.rb:165:14 warning: `Lint/SendWithMixinArgument`\n\n## 7.0.0 (2020-03-26)\n\n### Breaking Changes\n\n- This cookbook now requires Chef Infra Client 14.7 and later as it no longer includes the `windows_share` and `windows_certificate` resources that are now built into Chef Infra Client.\n\n### Other Changes\n\n- Remove list of actions in the dns resource - [@tas50](https://github.com/tas50)\n- Don't set the guard_interpreter in powershell_script - [@tas50](https://github.com/tas50)\n- Add windows_schannel resource (#619) - [@Xorima](https://github.com/Xorima)\n- Remove desired_state: true from resources - [@tas50](https://github.com/tas50)\n- The host_name property in the dns resource doesn't need to be a name property - [@tas50](https://github.com/tas50)\n- Remove unnecessary include of the powershell mixin - [@tas50](https://github.com/tas50)\n\n## 6.0.1 (2019-10-01)\n\n- Update README.md for Windows cookbook suggesting core dns resources (#616) - [@NAshwini](https://github.com/NAshwini)\n- Add a warning when using windows_zipfile resource as users should migrate to archive_file (#617) - [@NAshwini](https://github.com/NAshwini)\n\n## 6.0.0 (2019-04-25)\n\n### Breaking Changes\n\n- This cookbook now requires Chef 14 or later. As of April 2019 Chef 13 is EOL. If you are still running Chef 13 we highly suggest you begin your migration. Chef 14 provides a greatly improved Windows experience with built in resources for Windows clients.\n- Resources that are built into Chef 14 and later have been removed from this cookbook:\n - windows_auto_run\n - windows_feature\n - windows_font\n - windows_pagefile\n - windows_printer_port\n - windows_printer\n - windows_shortcut\n\n## 5.3.1 (2019-04-25)\n\n- Resolved failures on Chef 14.11 or later\n- Removed OS detectio support in the helpers for Windows 2003\n\n## 5.3.0 (2019-03-06)\n\n- Expanded certificate testing to cover more scenarios - [@Xorima](https://github.com/Xorima)\n- Updated windows_share to better compare the current and desired path in order to prevent converging on each Chef run - [@Xorima](https://github.com/Xorima)\n- Backported all windows_certificate fixes from Chef 14.8 - 14.11 including improvements to importing the types of certificates that can be imported, suppport for nested certs, and support for importing private keys with certs.\n\n## 5.2.4 (2019-02-28)\n\n- Fix http_acl regex to properly capture SDDL - [@Annih](https://github.com/Annih)\n- Updated windows_share to create share if the share is deleted, and to sanitize paths using Chef::Util::PathHelper.cleanpath (#607) - [@Xorima](https://github.com/Xorima)\n\n## 5.3.3 (2019-01-30)\n\n- Updated windows_certificate code to match that in Chef 14.10. This increases the requirement of the win32_certstore gem to the latest and resolves multiple issues with the previous implementation.\n\n## 5.2.2 (2018-11-20)\n\n- windows_share: Accounts to be revoked should be provided as an individually quoted string array\n\n## 5.2.1 (2018-11-19)\n\n- windows_share: Fix idempotency by not adding everyone by default\n\n## 5.2.0 (2018-11-14)\n\n- Support installing deleted features in windows_feature_dism\n\n## 5.1.6 (2018-11-13)\n\n- Add a warning to the readme regarding windows_share and windows_certificate now being included in Chef 14.7\n- Deprecated win_friendly_path helper in favor of built-in helpers\n\n## 5.1.5 (2018-11-07)\n\n- Avoid deprecation warnings in windows_share and windows_certificate on Chef 14.7+ as these are now included in the chef-client itself.\n\n## 5.1.4 (2018-10-30)\n\n- Note the :verify action for windows_certificate in the readme\n- certificate resource: auto set sensitive is passing password\n\n## 5.1.3 (2018-10-11)\n\n- Remove docs and test suite for windows tasks\n- Changed variable name in log message for retrieving SMB share access\n- Don't load the windows helper in windows_certificate\n\n## 5.1.2 (2018-10-08)\n\n- Fix typo in windows_feature_dism resource name\n\n## 5.1.1 (2018-09-06)\n\n- Require the win32-certstore gem and upgrade the gem as the resource runs so we get the most up to date version\n- Remove redundant helper methods from the windows_certificate resource\n\n## 5.1.0 (2018-08-29)\n\n- Add an action to windows_user_privilege to remove a privilege\n- Fix failing appveyor tests\n- Require win32-certstore 0.1.8 which resolves several issues with the windows_certificate resource\n- Avoid deprecation warnings with Chef 14.3+ by not loading resources that are now built into Chef\n\n## 5.0.0 (2018-07-24)\n\n### Breaking Changes\n\nThis release removes the windows_task and windows_path resources from this cookbook. This resources shipped in Chef 13.0 and 13.4 This raises the required version of chef-client for this cookbook to 13.4 or later.\n\n## 4.3.4 (2018-07-18)\n\n- Fix error message typo in windows_feature_powershell\n- Use win32-certstore 0.1.7 for bugfixes\n\n## 4.3.3 (2018-07-05)\n\n- Fix failures on PS 3.0 in windows_feature_powershell\n\n## 4.3.2 (2018-06-13)\n\n- Don't error in windows_feature_dism when providing a source\n\n## 4.3.1 (2018-06-11)\n\n- Make sure to quote each individual user to grant share access to\n\n## 4.3.0 (2018-06-11)\n\n- Add the windows_user_privilege resource which can grant privileges like Logon As a Service\n- Add windows_feature_powershell support for Windows 2008 R2 by not downcasing the feature names there and modifying the shell_out commands to make older output look like the 2012+ output\n- windows_certificate resource has been reworked to use the new win32-certstore gem. This gem abstracts away much of the logic and will allow us to better support certificates on Windows, especially on non-english systems.\n- Convert pester tests to InSpec for easier testing with ChefDK out of the box\n- Added additional tests for better testing in AppVeyor\n- Stop importing the servermanager module in windows_feature_powershell since we require PowerShell 3.0 and we don't need to do this there\n- Improve the error messages in Windows feature to get the Windows versions right\n- Increase readability in version logic with helpers in windows_feature resources\n\n## 4.2.5 (2018-05-28)\n\n- Add quoting to Path when creating new Share\n\n## 4.2.4 (2018-05-14)\n\n- Fix the platform version check in windows_share\n\n## 4.2.3 (2018-05-07)\n\n- Include the helper in the action class to prevent failures with the zipfile resource\n\n## 4.2.2 (2018-04-24)\n\n- Properly fail in windows_share on Windows 2008 R2 since we lack the cmdlets to manipulates shares on those systems.\n\n## 4.2.1 (2018-04-17)\n\n- Make sure shares can have spaces in the share name\n\n## 4.2.0 (2018-04-16)\n\n- Initial rewrite of windows_share to use PowerShell for share creation. This introduces multiple new properties and resolves a good number of longstanding issues. Please be sure to report any issues you see with this so we can stabilize this resource and include it in Chef 15!\n- Resolve failures in windows_certificate\n\n## 4.1.4 (2018-03-29)\n\n- Raise in windows_feature_powershell if we're on PS < 3.0\n\n## 4.1.3 (2018-03-28)\n\n- Restore support for Windows 2008 R2 in windows_feature_dism\n\n## 4.1.2 (2018-03-27)\n\n- Improve creation messaging for shares\n- Allow feature names to be case insensitive in windows_feature\n\n## 4.1.1 (2018-03-23)\n\n- Simplify delete action slightly in windows_pagefile\n- Don't use win_friendly_path helper in windows_pagefile since we already coerce the path value\n\n## 4.1.0 (2018-03-21)\n\n- Adds Caching for WIndows Feature Powershell resource using the same sort of logic we use on windows_feature_dism. This gives us a 3.5X speedup when no features need to be changed (subsequent runs after the change)\n- Warn if we're on w2k12 and trying to use source/management properties in windows_feature_powershell since that doesn't work.\n- Properly parse features into arrays so installing an array of features works in dism/powershell. This is the preferred way to install a number of features and will be faster than a large number of feature resources\n- Fix description of properties for pagefile in the readme\n\n## 4.0.2 (2018-03-20)\n\n- Enable FC016 testing\n- Enable FC059 testing\n- Properly calculate available packages if source is passed in windows_feature_dism resource\n\n## 4.0.1 (2018-03-07)\n\nFix the previous update to windows_feature_dism to use 'override' level of attributes not the normal level which persists to the node. Thanks to @Annih for pointing out the mistake here.\n\n## 4.0.0 (2018-03-05)\n\n### WARNING\n\nThis release contains a complete rewrite to windows_feature_dism resource and includes several behavior changes to windows_feature resource. Make sure to read the complete list of changes below before deploying this to production systems.\n\n#### DISM feature caching Ohai plugin replacement\n\nIn the 3.X cookbook we installed an Ohai plugin that cached the state of features on the node, and we reloaded that plugin anytime we installed/removed a feature from the system. This greatly sped up Chef runs where no features were actually installed/removed (2nd run and later). Without the caching each resource would take about 1 second longer while it queried current feature state. Using Ohai to cache this data was problematic though due to incompatibilities with Chef Solo, the reliance on the ohai cookbook, and the addition of extra node data which had to be stored on the Chef Server.\n\nIn the 4.0 release instead of caching data via an Ohai plugin we just write directly to the node within the resource. This avoids the need to load in the ohai plugin and the various issues that come with that. In the end it's basically the exact same thing, but less impacting on end users and faster when the data needs to be updated.\n\n#### Fail when feature is missing in windows_feature_dism\n\nThe windows_feature_dism resource had a rather un-Chef behavior in which it just warned you if a feature wasn't available on your platform and then continued on silently. This isn't how we handle missing packages in any of our package resource and because of that it's not going to be what anyone expects out of the box. If someone really wants SNMP installed and we can't install it we should fail instead of continuing on as if we did install it. So we'll now do the following things:\n\n- When installing a feature that doesn't exist: fail\n- When removing a feature that doesn't exist: continue since it is technically removed\n- When deleting a feature that doesn't exist: continue since it is technically deleted\n\nFor some users, particularly those writing community cookbooks, this is going to be a breaking change. I'd highly recommend putting logic within your cookbooks to only install features on supported releases of Windows. If you'd just like it to continue even with a failure you can also use `ignore_failure true` on your resource although this produces a lot of failure messaging in logs.\n\n#### Properly support features as an array in windows_feature_dism\n\nWe claimed to support installing features as an array in the windows_feature_dism resource previously, but it didn't actually work. The actual result was a warning that the array of features wasn't available on your platform since we compared the array to available features as if it was a string. We now properly support installation as a array and we do validation on each feature in the array to make sure the features are available on your Windows release.\n\n#### Install as the default action in windows_feature_powershell\n\nDue to some previous refactoring the :install action was not the default action for windows_feature_powershell. For all other package resources in Chef install is the default so this would likely lead to some unexpected behavior in cookbooks. This is technically a breaking change, but I suspect everyone assumed :install was always the default.\n\n#### servermanagercmd.exe Support Removal\n\nThis cookbook previously supported servermanagercmd.exe, which was necessary for feature installation on Windows 2003 / 2008 (not R2) systems. Windows 2003 went full EOL in 2015 and 2008 went into extended support in 2015\\. Neither releases are supported platforms for Chef or this cookbook so we've chosen to simplify the code and remove support entirely.\n\n#### Remove the undocumented node['windows']['rubyzipversion'] attribute\n\nThis attribute was a workaround for a bug in the rubyzip gem YEARS ago that's just not necessary anymore. We also never documented this attribute and a resource shouldn't change behavior based on attributes.\n\n## 3.5.2 (2018-03-01)\n\n- Remove value_for_feature_provider helper which wasn't being used and was using deprecated methods\n- Add all the Windows Core editions to the version helper\n- Simplify / speedup how we find the font directory in windows_font\n- Don't bother enabling why-run mode in the resources since it's enabled by default\n- Don't include mixlib-shellout in the resources since it's included by default\n- Fix installation messaging for windows_feature_powershell to properly show all features being installed\n- Use powershell for the share creation / deletion in windows_share. This speeds up the runs and fixes some of the failures.\n\n## 3.5.1 (2018-02-23)\n\n- Add a new `shortcut_name` property to `windows_shortcut`\n- Use Chef's built in registry_key_exists helper in `windows_printer_port`\n- Fix the `source` coerce in `windows_font`\n\n## 3.5.0 (2018-02-23)\n\n- Add Windows 2016 to the supported releases in the readme\n- Add Windows 10 detection to the version helper\n- Remove the Chefspec matchers. These are auto generated by ChefSpec now. If this causes your specs to fail upgrade ChefDK\n- In `certificate_binding` support `hostnameport` option if address is a hostname\n- Convert several tests to InSpec tests and add additional test scenarios\n- Remove `required: true` on the name_properties, which serves no purpose and will be a Foodcritic rule in the next Foodcritic release\n- Fix `windows_feature` logging to work when the user provides an array of features\n- Don't both coercing a symbol into a symbol in the `windows_auto_run` resource.\n- Switch `windows_font` over to the built in path helper in Chef, which a much more robust\n- Don't coerce forward slashes to backslashes in the `windows_font` `source` property if the source is a URI\n- Add a new `path` property to `windows_pagefile` for properly overriding the resource name\n- Coerce backslashes to forward slashes in `windows_pagefile`'s `path` property so we do the right thing even if a user gives bad input\n- Add a new `program_name` property in windows_auto_run for overriding the resource name\n- Rename `program` property to `path` in windows_auto_run. The legacy name will continue to work, but cookbooks should be updated\n- Coerce the `path` property to use backslashes in `windows_auto_run` so it works no matter what format of path the user provides\n- Avoid writing out an extra space in `windows_auto_run`'s registry entry when the user doesn't specify an arg\n- Added yard comments to many of the helper methods\n\n## 3.4.4 (2018-01-19)\n\n- Fix undefined method for 'ipv4_address' in windows_printer_port\n\n## 3.4.3 (2018-01-04)\n\n- Added missing parentheses around PersistKeySet flag that was preventing PowerShell from creating X509Certificate2 object\n\n## 3.4.2 (2018-01-02)\n\n- Add deprecation warnings for windows_path and windows_task which are now included in Chef 13\\. These will be removed from this cookbook in Sept 2018.\n\n## 3.4.1 (2017-12-06)\n\n- Fix long-running filtering by replace LIKE with equality sign in the share resource\n- Use logical OR instead of AND when trying to detect share permissions changing in the share resource\n- Remove extra new_resource.updated_by_last_action in the windows_task resource that resulted in a Foodcritic warning\n\n## 3.4.0 (2017-11-14)\n\n- Add a root key property for the auto_run resource\n- Fix a resource typo where a name_property was still written name_attribute\n- Resolve FC108 warnings\n\n## 3.3.0 (2017-11-06)\n\n- Add new dns resource. See readme for examples\n- Add BUILTIN\\Users to SYSTEM_USERS for windows_task\n\n## 3.2.0 (2017-10-17)\n\n- Add management_tools property to windows_feature powershell provider which installs the various management tools\n- Fix deprecations_namespace_collisions\n- Add additional certificate store names\n- Add the ability to define a timeout on windows_feature\n- Multiple improvements to the font resource\n\n - Improved logging, particularly debug logging\n - Allow pulling the font from a remote location using remote_file\n - Fix some failures in fetching local fonts\n - Added a font_name property that allows you specify the local name of the font, which can be different from the name of the chef resource. This allows you to create more friendly resource names for your converge.\n - Handle font resources with backslashes in their source\n\n- Remove source property from servermanagercmd provider as it does not support it.\n\n- Remove converge_by around inner powershell_script resource to stop it always reporting as changed\n\n- Change install feature guards to work on Windows 2008r2\n\n- Allow dism feature installs to work on non-English systems\n\n## 3.1.3 (2017-09-18)\n\n### windows_task and windows_path deprecation\n\ns of chef-client 13.0+ and 13.4+ windows_task and windows_path are now included in the Chef client. windows_task underwent a full rewrite that greatly improved the functionality and idempotency of the resource. We highly recommend using these new resources by upgrading to Chef 13.4 or later. If you are running these more recent Chef releases the windows_task and windows_path resources within chef-client will take precedence over those in this cookbook. In September 2018 we will release a new major version of this cookbook that removes windows_task and windows_path.\n\n## 3.1.2 (2017-08-14)\n\n- Revert \"Require path in the share resource instead of raising if it's missing\" which was causing failures due to a bug in the chef-client\n\n## 3.1.1 (2017-06-13)\n\n- Replace Windows 7 testing with Windows 10 testing\n- Expand debug logging in the pagefile resource\n- Require path in the share resource instead of raising if it's missing\n- Make pagefile properly fail the run if the command fails to run\n\n## 3.1.0 (2017-05-30)\n\n- Updated resource documentation for windows_pagefile\n- Declare windows_feature as why-runnable\n- Remove action_class.class_eval usage and require 12.7+ as class_eval is causing issues with later versions of Chef\n\n## 3.0.5 (2017-04-07)\n\n- Add support for windows_task resource to run on non-English editions of Windows\n- Ensure chef-client 12.6 compatibility with action_class.class_eval\n\n## 3.0.4 (2017-03-29)\n\n- restoring the `cached_file` helper as downstream cookbooks use it.\n\n## 3.0.3 (2017-03-28)\n\n- Correct a typo in a Log message\n\n## 3.0.2 (2017-03-21)\n\n- Fix `windows_zipfile` resource to properly download and cache the zip archives\n\n## 3.0.1 (2017-03-17)\n\n- Fix `windows_share` to be fully idempotent. Fixes #447\n\n## 3.0.0 (2017-03-15)\n\n**Warning** This release includes multiple breaking changes as we refactored all existing resources and resolved many longstanding bugs. We highly recommend exercising caution and fully testing this new version before rolling it out to a production environment.\n\n### Breaking changes\n\n- This cookbook now requires Chef 12.6 or later and we highly recommend even more recent Chef 12 releases as they resolve critical Windows bugs and include new Windows specific functionality.\n- The windows_package resource has been removed as it is built into chef-client 12.6+ and the built in version is faster / more robust.\n- The powershell out helper has been removed as it is now included in chef-client 12.6+\n- The default recipe no longer installs the various Windows rubygems required for non-omnibus chef-client installs. This was a leftover from Chef 10 and is no longer necessary, or desired, as we ship these gems in every Windows chef release.\n- windows_feature has been heavily refactored and in doing so the method used to control the underlying providers has changed. You can no longer specify which windows_feature provider to use by setting `node['windows']['feature_provider']` or by setting the `provider` property on the resource itself. Instead you must set `install_method` to specify the correct underlying installation method. You can also now reference the resources directly by using `windows_feature_servermanagercmd`, `windows_feature_powershell` or `windows_feature_dism` instead of `windows_feature`\n\n- Windows_font's `file` property has been renamed to `name` to avoid collisions with the Chef file resource.\n\n### Other Changes\n\n- All LWRPs in this cookbook have been refactored to be custom resources\n- windows_path, windows_shortcut, and windows_zipfile have been updated to be idempotent with support for why-run mode and proper notification when the resources actually update\n- windows_pagefile now validates the name of the pagefile to avoid cryptic error messages\n- A new `share` resource has been added for setting up Windows shares\n- TrustedPeople certificate store has been added to the list of allowed store_names in the certificate resources\n- version helper constant definitions has been improved\n- A new `all` property has been added to the Windows feature resource to install all dependent features. See the windows feature test recipe for usage examples.\n- Windows feature now accepts an array of features, which greatly speeds up feature installs and simplifies recipe code\n- The path resource now accepts paths with either forward slashes or backslashes and correctly adds the path using Windows style backslash.\n- The powershell provider for windows_feature resource has been fixed to properly import ServerManager in the :remove action\n- Testing has been switched from a Rakefile to the new Delivery local mode\n- Several issues with testing the resources on non-Windows hosts in ChefSpec have been resolved\n- A new `source` property has been added to the windows_feature_powershell resource\n- Additional test suites have been added to Test Kitchen to cover all resources and those test suites are now being executed in AppVeyer on every PR\n- Travis CI testing has been removed and all testing is being performed in AppVeyer\n\n## 2.1.1 (2016-11-23)\n\n- Make sure the ohai plugin is available when installing features\n\n## 2.1.0 (2016-11-22)\n\n- Reduce expensive executions of dism in windows_feature by using a new Ohai plugin\n- Add guard around chef_version metadata for Opsworks and older Chef 12 clients\n- Update the rakefile to the latest\n- Add deprecation dates for the windows_package and powershell functionality that has been moved to core Chef. These will be removed 4/17 when we release Chef 13\n- Provide helper method to get windows version info\n- Allow defining http acl using SDDL\n\n## 2.0.2 (2016-09-07)\n\n- Added the powershell_out mixin back to allow for Chef 12.1-12.3 compatibility\n- Set the dependency back to Chef 12.1\n\n## 2.0.1 (2016-09-07)\n\n- Clarify the platforms we support in the readme\n- Require Chef 12.4 which included powershell_out\n\n## 2.0.0 (2016-09-07)\n\nThis cookbook now requires Chef 12.1+. Resources (lwrps) that have been moved into the chef-client have been removed from this cookbook. While the functionality in the chef-client is similar, and in many cases improved, the names and properties have changed in some cases. Make sure to check for full documentation on each of these resources, and as usual carefully test your cookbooks before upgrading to this new release.\n\n### Removed resources and helpers:\n\n- windows_reboot provider\n- windows_batch provider\n- windows_registry provider\n- Powershell out for only_if / not_if statements\n- Windows Architecture Helper\n- Reboot handler and the dependency on the chef_handler cookbook\n\n#### Changes resource behavior\n\n- For Chef clients 12.6 and later the windows_package provider will no longer be used as windows_package logic is now included in Chef. Chef 12.1 - 12.5.1 clients will continue to default to the windows_package provider in this cookbook for full compatibility.\n\n#### Additional changes\n\n- Updated and expanded testing\n- Fixed the windows_feature powershell provider to run on Windows 2008 / 2008 R2\n- Added TrustedPublisher as a valid cert store_name\n- Updated the certificate_binding resource to respect the app_id property\n- Added why-run support to the auto_run resource\n\n## 1.44.3 (2016-08-16)\n\n- Remove support for ChefSpec <4.1 in the matchers\n- Add missing Chefspec matchers\n\n## 1.44.2 (2016-08-15)\n\n- Add missing windows_font matcher\n- Add chef_version to the metadata\n- Switch from Rubocop to Cookstyle and use our improved Rakefile\n- Remove test deps from the Gemfile that are in ChefDK\n\n## v1.44.1\n\n- [PR 375](https://github.com/chef-cookbooks/windows/pull/375) - Fix comparison of string to number in platform_version\n- [PR 376](https://github.com/chef-cookbooks/windows/pull/376) - Switch to cookstyle, update gem deps and other minor stuff\n- [PR 377](https://github.com/chef-cookbooks/windows/pull/377) - add test and check for feature installation through powershell\n\n## v1.44.0\n\n- [PR 372](https://github.com/chef-cookbooks/windows/pull/372) - Support Server 2008 for feature installs via PowerShell\n\n## v1.43.0\n\n- [PR 369](https://github.com/chef-cookbooks/windows/pull/369) - Add a enable_windows_task matcher\n\n## v1.42.0\n\n- [PR 365](https://github.com/chef-cookbooks/windows/pull/365) - Escape command quotes when passing to schtasks\n\n## v1.41.0\n\n- [PR 364](https://github.com/chef-cookbooks/windows/pull/364) - Configurable font source\n\n## v1.40.0\n\n- [PR 357](https://github.com/chef-cookbooks/windows/pull/357) - Fixes for schtasks\n- [PR 359](https://github.com/chef-cookbooks/windows/pull/359) - take bundler out of the appveyor build\n- [PR 356](https://github.com/chef-cookbooks/windows/pull/356) - Misc fixes and updates\n- [PR 355](https://github.com/chef-cookbooks/windows/pull/355) - bump and pin rubocop, fix broken cop\n- [PR 348](https://github.com/chef-cookbooks/windows/pull/348) - Make notify work for `windows_task`\n\n## v1.39.2\n\n- [PR 329](https://github.com/chef-cookbooks/windows/pull/329) - Silence `compile_time` warning for `chef_gem`\n- [PR 338](https://github.com/chef-cookbooks/windows/pull/338) - ChefSpec matchers for `windows_certificate`\n- [PR 341](https://github.com/chef-cookbooks/windows/pull/341) - Updated rubocop and FoodCritic compliance\n- [PR 336](https://github.com/chef-cookbooks/windows/pull/336) - Fixed where clause compliance with PS v1/v2\n\n## v1.39.1\n\n- [PR 325](https://github.com/chef-cookbooks/windows/pull/325) - Raise an error if a bogus feature is given to the powershell `windows_feature` provider\n- [PR 326](https://github.com/chef-cookbooks/windows/pull/326) - Fix `windows_font` and copy the font file before installation\n\n## v1.39.0\n\n- [PR 305](https://github.com/chef-cookbooks/windows/pull/305) - Added `months` attribute to `windows_task` and allow `frequency_modifier` to accept values 'FIRST', 'SECOND', 'THIRD', 'FOURTH', 'LAST', and 'LASTDAY' for monthly frequency\n- [PR 310](https://github.com/chef-cookbooks/windows/pull/310) - Fix `windows_task` breaks when there is a space in the user name\n- [PR 314](https://github.com/chef-cookbooks/windows/pull/314) - fixes reboot handling on some chef versions below 11.12\n- [PR 317](https://github.com/chef-cookbooks/windows/pull/317) - Adds a `disable_windows_task` matcher\n- [PR 311](https://github.com/chef-cookbooks/windows/pull/311) - Implements the `cwd` attribute of `windows_task`\n- [PR 318](https://github.com/chef-cookbooks/windows/pull/318) - Use dsl instead of manual resource instanciation\n- [PR 303](https://github.com/chef-cookbooks/windows/pull/303) - Fix `http_acl` idempotency when user name contains a space\n- [PR 257](https://github.com/chef-cookbooks/windows/pull/257) - Speed up windows_feature dism provider\n- [PR 319](https://github.com/chef-cookbooks/windows/pull/319) - Add a `.kitchen.cloud.yml` for kitchen testing on Azure\n- [PR 315](https://github.com/chef-cookbooks/windows/pull/315) - Deprecate `windows_package` and forward to `Chef::Provider::Package::Windows` when running 12.6 or higher\n\n## v1.38.4\n\n- [PR 295](https://github.com/chef-cookbooks/windows/pull/295) - Escape `http_acl` username\n- [PR 293](https://github.com/chef-cookbooks/windows/pull/293) - Separating assignments to `code_script` and `guard_script` as they should be different scripts and not hold the same reference\n- [Issue 298](https://github.com/chef-cookbooks/windows/issues/298) - `windows_certificate_binding` is ignoring `store_name` attribute and always saving to `MY`\n- [Issue 296](https://github.com/chef-cookbooks/windows/pull/302) - Fixes `windows_certificate` idempotentcy on chef 11 clients\n\n## v1.38.3\n\n- Make `windows_task` resource idempotent (double quotes need to be single when comparing)\n- [Issue 245](https://github.com/chef-cookbooks/windows/issues/256) - Fix `No resource, method, or local variable named`password' for `Chef::Provider::WindowsTask'` when `interactive_enabled` is `true`\n\n## v1.38.2\n\n- Lazy-load windows-pr gem library files. Chef 12.5 no longer includes the windows-pr gem. Earlier versions of this cookbook will not compile on Chef 12.5.\n\n## v1.38.1 (2015-07-28)\n\n- Publishing without extended metadata\n\n## v1.38.0 (2015-07-27)\n\n- Do not set new_resource.password to nil, Fixes #219, Fixes #220\n- Add `windows_certificate` resource #212\n- Add `windows_http_acl` resource #214\n\n## v1.37.0 (2015-05-14)\n\n- fix `windows_package` `Chef.set_resource_priority_array` warning\n- update `windows_task` to support tasks in folders\n- fix `windows_task` delete action\n- replace `windows_task` name attribute with 'task_name'\n- add :end action to 'windows_task'\n- Tasks created with the `windows_task` resource default to the SYSTEM account\n- The force attribute for `windows_task` makes the :create action update the definition.\n- `windows_task` :create action will force an update of the task if the user or command differs from the currently configured setting.\n- add default provider for `windows_feature`\n- add a helper to make sure `WindowsRebootHandler` works in ChefSpec\n- added a source and issues url to the metadata for Supermarket\n- updated the Gemfile and .kitchen.yml to reflect the latest test-kitchen windows guest support\n- started tests using the kitchen-pester verifier\n\n## v1.36.6 (2014-12-18)\n\n- reverting all chef_gem compile_time work\n\n## v1.36.5 (2014-12-18)\n\n- Fix zipfile provider\n\n## v1.36.4 (2014-12-18)\n\n- Fix Chef chef_gem with Chef::Resource::ChefGem.method_defined?(:compile_time)\n\n## v1.36.3 (2014-12-18)\n\n- Fix Chef chef_gem below 12.1.0\n\n## v1.36.2 (2014-12-17)\n\n- Being explicit about usage of the chef_gem's compile_time property.\n- Eliminating future deprecation warnings in Chef 12.1.0\n\n## v1.36.1 (2014-12-17)\n\n- [PR 160](https://github.com/chef-cookbooks/windows/pull/160) - Fix Chef 11.10 / versions without windows_package in core\n\n## v1.36.0 (2014-12-16)\n\n- [PR 145](https://github.com/chef-cookbooks/windows/pull/145) - do not fail on non-existant task\n- [PR 144](https://github.com/chef-cookbooks/windows/pull/144) - Add a zip example to the README\n- [PR 110](https://github.com/chef-cookbooks/windows/pull/110) - More zip documentation\n- [PR 148](https://github.com/chef-cookbooks/windows/pull/148) - Add an LWRP for font installation\n- [PR 151](https://github.com/chef-cookbooks/windows/pull/151) - Fix windows_package on Chef 12, add integration tests\n- [PR 129](https://github.com/chef-cookbooks/windows/pull/129) - Add enable/disable actions to task LWRP\n- [PR 115](https://github.com/chef-cookbooks/windows/pull/115) - require Chef::Mixin::PowershellOut before using it\n- [PR 88](https://github.com/chef-cookbooks/windows/pull/88) - Code 1003 from servermanagercmd.exe is valid\n\n## v1.34.8 (2014-10-31)\n\n- [Issue 137](https://github.com/chef-cookbooks/windows/issues/137) - windows_path resource breaks with ruby 2.x\n\n## v1.34.6 (2014-09-22)\n\n- [Chef-2009](https://github.com/chef/chef/issues/2009) - Patch to work around a regression in [Chef](https://github.com/chef/chef)\n\n## v1.34.2 (2014-08-12)\n\n- [Issue 99](https://github.com/chef-cookbooks/windows/issues/99) - Remove rubygems / Internet wmi-lite dependency (PR #108)\n\n## v1.34.0 (2014-08-04)\n\n- [Issue 99](https://github.com/chef-cookbooks/windows/issues/99) - Use wmi-lite to fix Chef 11.14.2 break in rdp-ruby-wmi dependency\n\n## v1.32.1 (2014-07-15)\n\n- Fixes broken cookbook release\n\n## v1.32.0 (2014-07-11)\n\n- Add ChefSpec resource methods to allow notification testing (@sneal)\n- Add use_inline_resources to providers (@micgo)\n- [COOK-4728] - Allow reboot handler to be used as an exception handler\n- [COOK-4620] - Ensure win_friendly_path doesn't error out when ALT_SEPARATOR is nil\n\n## v1.31.0 (2014-05-07)\n\n- [COOK-2934] - Add windows_feature support for 2 new DISM attributes: all, source\n\n## v1.30.2 (2014-04-02)\n\n- [COOK-4414] - Adding ChefSpec matchers\n\n## v1.30.0 (2014-02-14)\n\n- [COOK-3715] - Unable to create a startup task with no login\n- [COOK-4188] - Add powershell_version method to return Powershell version\n\n## v1.12.8 (2014-01-21)\n\n- [COOK-3988] Don't unescape URI before constructing it.\n\n## v1.12.6 (2014-01-03)\n\n- [COOK-4168] Circular dep on powershell - moving powershell libraries into windows. removing dependency on powershell\n\n## v1.12.4\n\nFixing depend/depends typo in metadata.rb\n\n## v1.12.2\n\n### Bug\n\n- **[COOK-4110](https://tickets.chef.io/browse/COOK-4110)** - feature_servermanager installed? method regex bug\n\n## v1.12.0\n\n### Bug\n\n- **[COOK-3793](https://tickets.chef.io/browse/COOK-3793)** - parens inside parens of README.md don't render\n\n### New Feature\n\n- **[COOK-3714](https://tickets.chef.io/browse/COOK-3714)** - Powershell features provider and delete support.\n\n## v1.11.0\n\n### Improvement\n\n- **[COOK-3724](https://tickets.chef.io/browse/COOK-3724)** - Rrecommend built-in resources over cookbook resources\n- **[COOK-3515](https://tickets.chef.io/browse/COOK-3515)** - Remove unprofessional comment from library\n- **[COOK-3455](https://tickets.chef.io/browse/COOK-3455)** - Add Windows Server 2012R2 to windows cookbook version helper\n\n### Bug\n\n- **[COOK-3542](https://tickets.chef.io/browse/COOK-3542)** - Fix an issue where `windows_zipfile` fails with LoadError\n- **[COOK-3447](https://tickets.chef.io/browse/COOK-3447)** - Allow Overriding Of The Default Reboot Timeout In windows_reboot_handler\n- **[COOK-3382](https://tickets.chef.io/browse/COOK-3382)** - Allow windows_task to create `on_logon` tasks\n- **[COOK-2098](https://tickets.chef.io/browse/COOK-2098)** - Fix and issue where the `windows_reboot` handler is ignoring the reboot time\n\n### New Feature\n\n- **[COOK-3458](https://tickets.chef.io/browse/COOK-3458)** - Add support for `start_date` and `start_time` in `windows_task`\n\n## v1.10.0\n\n### Improvement\n\n- [COOK-3126]: `windows_task` should support the on start frequency\n- [COOK-3127]: Support the force option on task create and delete\n\n## v1.9.0\n\n### Bug\n\n- [COOK-2899]: windows_feature fails when a feature install requires a reboot\n- [COOK-2914]: Foodcritic failures in Cookbooks\n- [COOK-2983]: windows cookbook has foodcritic failures\n\n### Improvement\n\n- [COOK-2686]: Add Windows Server 2012 to version.rb so other depending chef scripts can detect Windows Server 2012\n\n## v1.8.10\n\nWhen using Windows qualified filepaths (C:/foo), the #absolute? method for URI returns true, because \"C\" is the scheme.\n\nThis change checks that the URI is http or https scheme, so it can be passed off to remote_file appropriately.\n\n- [COOK-2729] - allow only http, https URI schemes\n\n## v1.8.8\n\n- [COOK-2729] - helper should use URI rather than regex and bare string\n\n## v1.8.6\n\n- [COOK-968] - `windows_package` provider should gracefully handle paths with spaces\n- [COOK-222] - `windows_task` resource does not declare :change action\n- [COOK-241] - Windows cookbook should check for redefined constants\n- [COOK-248] - Windows package install type is case sensitive\n\n## v1.8.4\n\n- [COOK-2336] - MSI That requires reboot returns with RC 3010 and causes chef run failure\n- [COOK-2368] - `version` attribute of the `windows_package` provider should be documented\n\n## v1.8.2\n\n**Important**: Use powershell in nodes expanded run lists to ensure powershell is downloaded, as powershell has a dependency on this cookbook; v1.8.0 created a circular dependency.\n\n- [COOK-2301] - windows 1.8.0 has circular dependency on powershell\n\n## v1.8.0\n\n- [COOK-2126] - Add checksum attribute to `windows_zipfile`\n- [COOK-2142] - Add printer and `printer_port` LWRPs\n- [COOK-2149] - Chef::Log.debug Windows Package command line\n- [COOK-2155] -`windows_package` does not send checksum to `cached_file` in `installer_type`\n\n## v1.7.0\n\n- [COOK-1745] - allow for newer versions of rubyzip\n\n## v1.6.0\n\n- [COOK-2048] - undefined method for Falseclass on task :change when action is :nothing (and task doesn't exist)\n- [COOK-2049] - Add `windows_pagefile` resource\n\n## v1.5.0\n\n- [COOK-1251] - Fix LWRP \"NotImplementedError\"\n- [COOK-1921] - Task LWRP will return true for resource exists when no other scheduled tasks exist\n- [COOK-1932] - Include :change functionality to windows task lwrp\n\n## v1.4.0:\n\n- [COOK-1571] - `windows_package` resource (with msi provider) does not accept spaces in filename\n- [COOK-1581] - Windows cookbook needs a scheduled tasks LWRP\n- [COOK-1584] - `windows_registry` should support all registry types\n\n## v1.3.4\n\n- [COOK-1173] - `windows_registry` throws Win32::Registry::Error for action :remove on a nonexistent key\n- [COOK-1182] - windows package sets start window title instead of quoting a path\n- [COOK-1476] - zipfile lwrp should support :zip action\n- [COOK-1485] - package resource fails to perform install correctly when \"source\" contains quote\n- [COOK-1519] - add action :remove for path lwrp\n\n## v1.3.2\n\n- [COOK-1033] - remove the `libraries/ruby_19_patches.rb` file which causes havoc on non-Windows systems.\n- [COOK-811] - add a timeout parameter attribute for `windows_package`\n\n## v1.3.0\n\n- [COOK-1323] - Update for changes in Chef 0.10.10.\n\n - Setting file mode doesn't make sense on Windows (package provider\n - and `reboot_handler` recipe)\n - Prefix ::Win32 to avoid namespace collision with Chef::Win32\n - (`registry_helper` library)\n - Use chef_gem instead of gem_package so gems get installed correctly under the Ruby environment Chef runs in (reboot_handler recipe, zipfile provider)\n\n## v1.2.12\n\n- [COOK-1037] - specify version for rubyzip gem\n- [COOK-1007] - `windows_feature` does not work to remove features with dism\n- [COOK-667] - shortcut resource + provider for Windows platforms\n\n## v1.2.10\n\n- [COOK-939] - add `type` parameter to `windows_registry` to allow binary registry keys.\n- [COOK-940] - refactor logic so multiple values get created.\n\n## v1.2.8\n\n- FIX: Older Windows (Windows Server 2003) sometimes return 127 on successful forked commands\n- FIX: `windows_package`, ensure we pass the WOW* registry redirection flags into reg.open\n\n## v1.2.6\n\n- patch to fix [CHEF-2684], Open4 is named Open3 in Ruby 1.9\n- Ruby 1.9's Open3 returns 0 and 42 for successful commands\n- retry keyword can only be used in a rescue block in Ruby 1.9\n\n## v1.2.4\n\n- `windows_package` - catch Win32::Registry::Error that pops up when searching certain keys\n\n## v1.2.2\n\n- combined numerous helper libarires for easier sharing across libaries/LWRPs\n- renamed Chef::Provider::WindowsFeature::Base file to the more descriptive `feature_base.rb`\n- refactored `windows_path` LWRP\n\n - :add action should MODIFY the the underlying ENV variable (vs CREATE)\n - deleted greedy :remove action until it could be made more idempotent\n\n- added a `windows_batch` resource/provider for running batch scripts remotely\n\n## v1.2.0\n\n- [COOK-745] gracefully handle required server restarts on Windows platform\n\n - WindowsRebootHandler for requested and pending reboots\n - `windows_reboot` LWRP for requesting (receiving notifies) reboots\n - `reboot_handler` recipe for enabling WindowsRebootHandler as a report handler\n\n- [COOK-714] Correct initialize misspelling\n\n- RegistryHelper - new `get_values` method which returns all values for a particular key.\n\n## v1.0.8\n\n- [COOK-719] resource/provider for managing windows features\n- [COOK-717] remove `windows_env_vars` resource as env resource exists in core chef\n- new `Windows::Version` helper class\n- refactored `Windows::Helper` mixin\n\n## v1.0.6\n\n- added `force_modify` action to `windows_registry` resource\n- add `win_friendly_path` helper\n- re-purpose default recipe to install useful supporting windows related gems\n\n## v1.0.4\n\n- [COOK-700] new resources and improvements to the `windows_registry` provider (thanks Paul Morton!)\n\n - Open the registry in the bitednes of the OS\n - Provide convenience methods to check if keys and values exit\n - Provide convenience method for reading registry values\n - NEW - `windows_auto_run` resource/provider\n - NEW - `windows_env_vars` resource/provider\n - NEW - `windows_path` resource/provider\n\n- re-write of the `windows_package` logic for determining current installed packages\n\n- new checksum attribute for `windows_package` resource...useful for remote packages\n\n## v1.0.2\n\n- [COOK-647] account for Wow6432Node registry redirecter\n- [COOK-656] begin/rescue on win32/registry\n\n## v1.0.0\n\n- [COOK-612] initial release\n" }, { "path": "CODE_OF_CONDUCT.md", "content": "Please refer to the Chef Community Code of Conduct at \n" }, { "path": "CONTRIBUTING.md", "content": "Please refer to\nhttps://github.com/chef-cookbooks/community_cookbook_documentation/blob/master/CONTRIBUTING.MD\n" }, { "path": "Gemfile", "content": "# This gemfile provides additional gems for testing and releasing this cookbook\n# It is meant to be installed on top of ChefDK / Chef Workstation which provide the majority\n# of the necessary gems for testing this cookbook\n#\n# Run 'chef exec bundle install' to install these dependencies\n\nsource 'https://rubygems.org'\n\ngem 'community_cookbook_releaser'\n" }, { "path": "LICENSE", "content": " Apache License\n Version 2.0, January 2004\n http://www.apache.org/licenses/\n\n TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION\n\n 1. Definitions.\n\n \"License\" shall mean the terms and conditions for use, reproduction,\n and distribution as defined by Sections 1 through 9 of this document.\n\n \"Licensor\" shall mean the copyright owner or entity authorized by\n the copyright owner that is granting the License.\n\n \"Legal Entity\" shall mean the union of the acting entity and all\n other entities that control, are controlled by, or are under common\n control with that entity. For the purposes of this definition,\n \"control\" means (i) the power, direct or indirect, to cause the\n direction or management of such entity, whether by contract or\n otherwise, or (ii) ownership of fifty percent (50%) or more of the\n outstanding shares, or (iii) beneficial ownership of such entity.\n\n \"You\" (or \"Your\") shall mean an individual or Legal Entity\n exercising permissions granted by this License.\n\n \"Source\" form shall mean the preferred form for making modifications,\n including but not limited to software source code, documentation\n source, and configuration files.\n\n \"Object\" form shall mean any form resulting from mechanical\n transformation or translation of a Source form, including but\n not limited to compiled object code, generated documentation,\n and conversions to other media types.\n\n \"Work\" shall mean the work of authorship, whether in Source or\n Object form, made available under the License, as indicated by a\n copyright notice that is included in or attached to the work\n (an example is provided in the Appendix below).\n\n \"Derivative Works\" shall mean any work, whether in Source or Object\n form, that is based on (or derived from) the Work and for which the\n editorial revisions, annotations, elaborations, or other modifications\n represent, as a whole, an original work of authorship. For the purposes\n of this License, Derivative Works shall not include works that remain\n separable from, or merely link (or bind by name) to the interfaces of,\n the Work and Derivative Works thereof.\n\n \"Contribution\" shall mean any work of authorship, including\n the original version of the Work and any modifications or additions\n to that Work or Derivative Works thereof, that is intentionally\n submitted to Licensor for inclusion in the Work by the copyright owner\n or by an individual or Legal Entity authorized to submit on behalf of\n the copyright owner. For the purposes of this definition, \"submitted\"\n means any form of electronic, verbal, or written communication sent\n to the Licensor or its representatives, including but not limited to\n communication on electronic mailing lists, source code control systems,\n and issue tracking systems that are managed by, or on behalf of, the\n Licensor for the purpose of discussing and improving the Work, but\n excluding communication that is conspicuously marked or otherwise\n designated in writing by the copyright owner as \"Not a Contribution.\"\n\n \"Contributor\" shall mean Licensor and any individual or Legal Entity\n on behalf of whom a Contribution has been received by Licensor and\n subsequently incorporated within the Work.\n\n 2. Grant of Copyright License. Subject to the terms and conditions of\n this License, each Contributor hereby grants to You a perpetual,\n worldwide, non-exclusive, no-charge, royalty-free, irrevocable\n copyright license to reproduce, prepare Derivative Works of,\n publicly display, publicly perform, sublicense, and distribute the\n Work and such Derivative Works in Source or Object form.\n\n 3. Grant of Patent License. Subject to the terms and conditions of\n this License, each Contributor hereby grants to You a perpetual,\n worldwide, non-exclusive, no-charge, royalty-free, irrevocable\n (except as stated in this section) patent license to make, have made,\n use, offer to sell, sell, import, and otherwise transfer the Work,\n where such license applies only to those patent claims licensable\n by such Contributor that are necessarily infringed by their\n Contribution(s) alone or by combination of their Contribution(s)\n with the Work to which such Contribution(s) was submitted. If You\n institute patent litigation against any entity (including a\n cross-claim or counterclaim in a lawsuit) alleging that the Work\n or a Contribution incorporated within the Work constitutes direct\n or contributory patent infringement, then any patent licenses\n granted to You under this License for that Work shall terminate\n as of the date such litigation is filed.\n\n 4. Redistribution. You may reproduce and distribute copies of the\n Work or Derivative Works thereof in any medium, with or without\n modifications, and in Source or Object form, provided that You\n meet the following conditions:\n\n (a) You must give any other recipients of the Work or\n Derivative Works a copy of this License; and\n\n (b) You must cause any modified files to carry prominent notices\n stating that You changed the files; and\n\n (c) You must retain, in the Source form of any Derivative Works\n that You distribute, all copyright, patent, trademark, and\n attribution notices from the Source form of the Work,\n excluding those notices that do not pertain to any part of\n the Derivative Works; and\n\n (d) If the Work includes a \"NOTICE\" text file as part of its\n distribution, then any Derivative Works that You distribute must\n include a readable copy of the attribution notices contained\n within such NOTICE file, excluding those notices that do not\n pertain to any part of the Derivative Works, in at least one\n of the following places: within a NOTICE text file distributed\n as part of the Derivative Works; within the Source form or\n documentation, if provided along with the Derivative Works; or,\n within a display generated by the Derivative Works, if and\n wherever such third-party notices normally appear. The contents\n of the NOTICE file are for informational purposes only and\n do not modify the License. You may add Your own attribution\n notices within Derivative Works that You distribute, alongside\n or as an addendum to the NOTICE text from the Work, provided\n that such additional attribution notices cannot be construed\n as modifying the License.\n\n You may add Your own copyright statement to Your modifications and\n may provide additional or different license terms and conditions\n for use, reproduction, or distribution of Your modifications, or\n for any such Derivative Works as a whole, provided Your use,\n reproduction, and distribution of the Work otherwise complies with\n the conditions stated in this License.\n\n 5. Submission of Contributions. Unless You explicitly state otherwise,\n any Contribution intentionally submitted for inclusion in the Work\n by You to the Licensor shall be under the terms and conditions of\n this License, without any additional terms or conditions.\n Notwithstanding the above, nothing herein shall supersede or modify\n the terms of any separate license agreement you may have executed\n with Licensor regarding such Contributions.\n\n 6. Trademarks. This License does not grant permission to use the trade\n names, trademarks, service marks, or product names of the Licensor,\n except as required for reasonable and customary use in describing the\n origin of the Work and reproducing the content of the NOTICE file.\n\n 7. Disclaimer of Warranty. Unless required by applicable law or\n agreed to in writing, Licensor provides the Work (and each\n Contributor provides its Contributions) on an \"AS IS\" BASIS,\n WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or\n implied, including, without limitation, any warranties or conditions\n of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A\n PARTICULAR PURPOSE. You are solely responsible for determining the\n appropriateness of using or redistributing the Work and assume any\n risks associated with Your exercise of permissions under this License.\n\n 8. Limitation of Liability. In no event and under no legal theory,\n whether in tort (including negligence), contract, or otherwise,\n unless required by applicable law (such as deliberate and grossly\n negligent acts) or agreed to in writing, shall any Contributor be\n liable to You for damages, including any direct, indirect, special,\n incidental, or consequential damages of any character arising as a\n result of this License or out of the use or inability to use the\n Work (including but not limited to damages for loss of goodwill,\n work stoppage, computer failure or malfunction, or any and all\n other commercial damages or losses), even if such Contributor\n has been advised of the possibility of such damages.\n\n 9. Accepting Warranty or Additional Liability. While redistributing\n the Work or Derivative Works thereof, You may choose to offer,\n and charge a fee for, acceptance of support, warranty, indemnity,\n or other liability obligations and/or rights consistent with this\n License. However, in accepting such obligations, You may act only\n on Your own behalf and on Your sole responsibility, not on behalf\n of any other Contributor, and only if You agree to indemnify,\n defend, and hold each Contributor harmless for any liability\n incurred by, or claims asserted against, such Contributor by reason\n of your accepting any such warranty or additional liability.\n\n END OF TERMS AND CONDITIONS\n\n APPENDIX: How to apply the Apache License to your work.\n\n To apply the Apache License to your work, attach the following\n boilerplate notice, with the fields enclosed by brackets \"{}\"\n replaced with your own identifying information. (Don't include\n the brackets!) The text should be enclosed in the appropriate\n comment syntax for the file format. We also recommend that a\n file or class name and description of purpose be included on the\n same \"printed page\" as the copyright notice for easier\n identification within third-party archives.\n\n Copyright {yyyy} {name of copyright owner}\n\n Licensed under the Apache License, Version 2.0 (the \"License\");\n you may not use this file except in compliance with the License.\n You may obtain a copy of the License at\n\n http://www.apache.org/licenses/LICENSE-2.0\n\n Unless required by applicable law or agreed to in writing, software\n distributed under the License is distributed on an \"AS IS\" BASIS,\n WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n See the License for the specific language governing permissions and\n limitations under the License.\n\n" }, { "path": "README.md", "content": "# Windows Cookbook\n\n[![Build status](https://ci.appveyor.com/api/projects/status/9x4uepmm1g4rktie/branch/master?svg=true)](https://ci.appveyor.com/project/ChefWindowsCookbooks/windows/branch/master) [![Cookbook Version](https://img.shields.io/cookbook/v/windows.svg)](https://supermarket.chef.io/cookbooks/windows)\n\nProvides a set of Windows-specific resources to aid in the creation of cookbooks/recipes targeting the Windows platform.\n\n## EOL Notice\n\nThis cookbook is no longer required for managing Windows nodes with Chef Infra. The necessary resources and helpers are now built into Chef Infra Client itself. These built-in resources are more feature rich and execute faster.\n\n## Requirements\n\n### Platforms\n\n- Windows 7 (EOL)\n- Windows Server 2008 R2 (EOL)\n- Windows 8, 8.1\n- Windows Server 2012 (R1, R2)\n- Windows Server 2016\n\n### Chef\n\n- Chef 14.7+\n\n## Resources\n\n### windows_certificate_binding\n\nBinds a certificate to an HTTP port to enable TLS communication.\n\n#### Actions\n\n- `:create` - creates or updates a binding.\n- `:delete` - deletes a binding.\n\n#### Properties\n\n- `cert_name` - name attribute. The thumbprint(hash) or subject that identifies the certificate to be bound.\n- `name_kind` - indicates the type of cert_name. One of :subject (default) or :hash.\n- `address` - the address to bind against. Default is 0.0.0.0 (all IP addresses). One of:\n - IP v4 address `1.2.3.4`\n - IP v6 address `[::1]`\n - Host name `www.foo.com`\n- `port` - the port to bind against. Default is 443.\n- `app_id` - the GUID that defines the application that owns the binding. Default is the values used by IIS.\n- `store_name` - the store to locate the certificate in. One of:\n - MY (Personal)\n - CA (Intermediate Certification Authorities)\n - ROOT (Trusted Root Certification Authorities)\n - TRUSTEDPUBLISHER (Trusted Publishers)\n - CLIENTAUTHISSUER (Client Authentication Issuers)\n - REMOTE DESKTOP (Remote Desktop)\n - TRUSTEDDEVICES (Trusted Devices)\n - WEBHOSTING (Web Hosting)\n - AUTHROOT (Third-Party Root Certification Authorities)\n - TRUSTEDPEOPLE (Trusted People)\n - SMARTCARDROOT (Smart Card Trusted Roots)\n - TRUST (Enterprise Trust)\n\n#### Examples\n\n```ruby\n# Bind the first certificate matching the subject to the default TLS port\nwindows_certificate_binding \"me.acme.com\" do\nend\n```\n\n```ruby\n# Bind a cert from the CA store with the given hash to port 4334\nwindows_certificate_binding \"me.acme.com\" do\n cert_name \"d234567890a23f567c901e345bc8901d34567890\"\n name_kind :hash\n store_name \"CA\"\n port 4334\nend\n```\n\n### windows_dns\n\n`Note`: This resource is now included in Chef 15 and later. If you are using newer versions of [windows](https://devblogs.microsoft.com/powershell/configuration-in-a-devops-world-windows-powershell-desired-state-configuration/) then should use the core [resource](https://github.com/chef/chef/blob/master/RELEASE_NOTES.md#windows_dns_record-resource) instead of windows_dns.\n\nConfigures A and CNAME records in Windows DNS. This requires the DNSCMD to be installed, which is done by adding the DNS role to the server or installing the Remote Server Admin Tools.\n\n#### Actions\n\n- :create: creates/updates the DNS entry\n- :delete: deletes the DNS entry\n\n#### Properties\n\n- host_name: name attribute. FQDN of the entry to act on.\n- dns_server: the DNS server to update. Default is local machine (.)\n- record_type: the type of record to create. One of A (default) or CNAME\n- target: for A records an array of IP addresses to associate with the host; for CNAME records the FQDN of the host to alias\n- ttl: if > 0 then set the time to live of the record\n\n#### Examples\n\n```ruby\n# Create A record linked to 2 addresses with a 10 minute ttl\nwindows_dns \"m1.chef.test\" do\n target ['10.9.8.7', '1.2.3.4']\n ttl 600\nend\n```\n\n```ruby\n# Delete records. target is mandatory although not used\nwindows_dns \"m1.chef.test\" do\n action :delete\n target []\nend\n```\n\n```ruby\n# Set an alias against the node in a role\nnodes = search( :node, \"role:my_service\" )\nwindows_dns \"myservice.chef.test\" do\n record_type 'CNAME'\n target nodes[0]['fqdn']\nend\n```\n\n### windows_http_acl\n\nSets the Access Control List for an http URL to grant non-admin accounts permission to open HTTP endpoints.\n\n#### Actions\n\n- `:create` - creates or updates the ACL for a URL.\n- `:delete` - deletes the ACL from a URL.\n\n#### Properties\n\n- `url` - the name of the url to be created/deleted.\n- `sddl` - the DACL string configuring all permissions to URL. Mandatory for create if user is not provided. Can't be use with `user`.\n- `user` - the name (domain\\user) of the user or group to be granted permission to the URL. Mandatory for create if sddl is not provided. Can't be use with `sddl`. Only one user or group can be granted permission so this replaces any previously defined entry. If you receive a parameter error your user may not exist.\n\n#### Examples\n\n```ruby\nwindows_http_acl 'http://+:50051/' do\n user 'pc\\\\fred'\nend\n```\n\n```ruby\n# Grant access to users \"NT SERVICE\\WinRM\" and \"NT SERVICE\\Wecsvc\" via sddl\nwindows_http_acl 'http://+:5985/' do\n sddl 'D:(A;;GX;;;S-1-5-80-569256582-2953403351-2909559716-1301513147-412116970)(A;;GX;;;S-1-5-80-4059739203-877974739-1245631912-527174227-2996563517)'\nend\n```\n\n```ruby\nwindows_http_acl 'http://+:50051/' do\n action :delete\nend\n```\n\n### windows_schannel\n\nUsed to configure the schannel security settings in windows, this is used by dotnet apps and PowerShell to be able to speak to tls 1.2 endpoints\n\n#### Actions\n\n- `configure`: Configures the setting\n\n#### Properties\n\nproperty | type | default | description\n------------------------ | ---------- | ------------- | -----------------------------------------------------------------------------------------------------------------------------------------------------------\n`use_strong_crypto` | True, False | true | Enables or disables the setting\n\n### windows_user_privilege\n\nAdds the `principal` (User/Group) to the specified privileges (such as `Logon as a batch job` or `Logon as a Service`).\n\n#### Actions\n\n- `:add` - add the specified privileges to the `principal`\n- `:remove` - remove the specified privilege of the `principal`\n\n#### Properties\n\n- `principal` - Name attribute, Required, String. The user or group to be granted privileges.\n- `privilege` - Required, String/Array. The privilege(s) to be granted.\n\n#### Examples\n\nGrant the Administrator user the `Logon as a batch job` and `Logon as a service` privilege.\n\n```ruby\nwindows_user_privilege 'Administrator' do\n privilege %w(SeBatchLogonRight SeServiceLogonRight)\nend\n```\n\nRemove `Logon as a batch job` privilege of Administrator.\n\n```ruby\nwindows_user_privilege 'Administrator' do\n privilege %w(SeBatchLogonRight)\n action :remove\nend\n```\n\n#### Available Privileges\n\n```\nSeTrustedCredManAccessPrivilege Access Credential Manager as a trusted caller\nSeNetworkLogonRight Access this computer from the network\nSeTcbPrivilege Act as part of the operating system\nSeMachineAccountPrivilege Add workstations to domain\nSeIncreaseQuotaPrivilege Adjust memory quotas for a process\nSeInteractiveLogonRight Allow log on locally\nSeRemoteInteractiveLogonRight Allow log on through Remote Desktop Services\nSeBackupPrivilege Back up files and directories\nSeChangeNotifyPrivilege Bypass traverse checking\nSeSystemtimePrivilege Change the system time\nSeTimeZonePrivilege Change the time zone\nSeCreatePagefilePrivilege Create a pagefile\nSeCreateTokenPrivilege Create a token object\nSeCreateGlobalPrivilege Create global objects\nSeCreatePermanentPrivilege Create permanent shared objects\nSeCreateSymbolicLinkPrivilege Create symbolic links\nSeDebugPrivilege Debug programs\nSeDenyNetworkLogonRight Deny access this computer from the network\nSeDenyBatchLogonRight Deny log on as a batch job\nSeDenyServiceLogonRight Deny log on as a service\nSeDenyInteractiveLogonRight Deny log on locally\nSeDenyRemoteInteractiveLogonRight Deny log on through Remote Desktop Services\nSeEnableDelegationPrivilege Enable computer and user accounts to be trusted for delegation\nSeRemoteShutdownPrivilege Force shutdown from a remote system\nSeAuditPrivilege Generate security audits\nSeImpersonatePrivilege Impersonate a client after authentication\nSeIncreaseWorkingSetPrivilege Increase a process working set\nSeIncreaseBasePriorityPrivilege Increase scheduling priority\nSeLoadDriverPrivilege Load and unload device drivers\nSeLockMemoryPrivilege Lock pages in memory\nSeBatchLogonRight Log on as a batch job\nSeServiceLogonRight Log on as a service\nSeSecurityPrivilege Manage auditing and security log\nSeRelabelPrivilege Modify an object label\nSeSystemEnvironmentPrivilege Modify firmware environment values\nSeManageVolumePrivilege Perform volume maintenance tasks\nSeProfileSingleProcessPrivilege Profile single process\nSeSystemProfilePrivilege Profile system performance\nSeUnsolicitedInputPrivilege \"Read unsolicited input from a terminal device\"\nSeUndockPrivilege Remove computer from docking station\nSeAssignPrimaryTokenPrivilege Replace a process level token\nSeRestorePrivilege Restore files and directories\nSeShutdownPrivilege Shut down the system\nSeSyncAgentPrivilege Synchronize directory service data\nSeTakeOwnershipPrivilege Take ownership of files or other objects\n```\n\n### windows_zipfile\n\n`Note`: This resource has been deprecated as Chef Infra Client 15.0 shipped with a new archive_file resource, which natively handles multiple archive formats. Please update any cookbooks using this resource to instead use the `archive_file` resource: https://docs.chef.io/resource_archive_file.html\n\nMost versions of Windows do not ship with native cli utility for managing compressed files. This resource provides a pure-ruby implementation for managing zip files. Be sure to use the `not_if` or `only_if` meta parameters to guard the resource for idempotence or action will be taken every Chef run.\n\n#### Actions\n\n- `:unzip` - unzip a compressed file\n- `:zip` - zip a directory (recursively)\n\n#### Properties\n\n- `path` - name attribute. The path where files will be (un)zipped to.\n- `source` - source of the zip file (either a URI or local path) for :unzip, or directory to be zipped for :zip.\n- `overwrite` - force an overwrite of the files if they already exist.\n- `checksum` - for :unzip, useful if source is remote, if the local file matches the SHA-256 checksum, Chef will not download it.\n\n#### Examples\n\nUnzip a remote zip file locally\n\n```ruby\nwindows_zipfile 'c:/bin' do\n source 'http://download.sysinternals.com/Files/SysinternalsSuite.zip'\n action :unzip\n not_if {::File.exists?('c:/bin/PsExec.exe')}\nend\n```\n\nUnzip a local zipfile\n\n```ruby\nwindows_zipfile 'c:/the_codez' do\n source 'c:/foo/baz/the_codez.zip'\n action :unzip\nend\n```\n\nCreate a local zipfile\n\n```ruby\nwindows_zipfile 'c:/foo/baz/the_codez.zip' do\n source 'c:/the_codez'\n action :zip\nend\n```\n\n## Libraries\n\n### WindowsHelper\n\nHelper that allows you to use helpful functions in windows\n\n#### installed_packages\n\nReturns a hash of all DisplayNames installed\n\n```ruby\n# usage in a recipe\n::Chef::DSL::Recipe.send(:include, Windows::Helper)\nhash_of_installed_packages = installed_packages\n```\n\n#### is_package_installed?\n\n- `package_name` - The name of the package you want to query to see if it is installed\n- `returns` - true if the package is installed, false if it the package is not installed\n\nDownload a file if a package isn't installed\n\n```ruby\n# usage in a recipe to not download a file if package is already installed\n::Chef::DSL::Recipe.send(:include, Windows::Helper)\nis_win_sdk_installed = is_package_installed?('Windows Software Development Kit')\n\nremote_file 'C:\\windows\\temp\\windows_sdk.zip' do\n source 'http://url_to_download/windows_sdk.zip'\n action :create_if_missing\n not_if {is_win_sdk_installed}\nend\n```\n\nDo something if a package is installed\n\n```ruby\n# usage in a provider\ninclude Windows::Helper\nif is_package_installed?('Windows Software Development Kit')\n # do something if package is installed\nend\n```\n\n### Windows::VersionHelper\n\nHelper that allows you to get information on the windows version running on your node. It leverages windows ohai from kernel.os_info, easy to mock and to use even on Linux.\n\n#### core_version?\n\nDetermines whether the given node is running on a Windows Core.\n\n```ruby\nif ::Windows::VersionHelper.core_version? node\n fail 'Windows Core is not supported'\nend\n```\n\n#### workstation_version?\n\nDetermines whether the given node is a windows workstation version (XP, Vista, 7, 8, 8.1, 10)\n\n```ruby\nif ::Windows::VersionHelper.workstation_version? node\n fail 'Only server version of windows are supported'\nend\n```\n\n#### server_version?\n\nDetermines whether the given node is a windows server version (Server 2003, Server 2008, Server 2012, Server 2016)\n\n```ruby\nif ::Windows::VersionHelper.server_version? node\n puts 'Server version of windows are cool'\nend\n```\n\n#### nt_version\n\nDetermines NT version of the given node\n\n```ruby\ncase ::Windows::VersionHelper.nt_version node\n when '6.0' then 'Windows vista or Server 2008'\n when '6.1' then 'Windows 7 or Server 2008R2'\n when '6.2' then 'Windows 8 or Server 2012'\n when '6.3' then 'Windows 8.1 or Server 2012R2'\n when '10.0' then 'Windows 10'\nend\n```\n\n## Usage\n\nPlace an explicit dependency on this cookbook (using depends in the cookbook's metadata.rb) from any cookbook where you would like to use the Windows-specific resources/providers that ship with this cookbook.\n\n```ruby\ndepends 'windows'\n```\n\n## License & Authors\n\n- Author:: Seth Chisamore ([schisamo@chef.io](mailto:schisamo@chef.io))\n- Author:: Doug MacEachern ([dougm@vmware.com](mailto:dougm@vmware.com))\n- Author:: Paul Morton ([pmorton@biaprotect.com](mailto:pmorton@biaprotect.com))\n- Author:: Doug Ireton ([doug.ireton@nordstrom.com](mailto:doug.ireton@nordstrom.com))\n\n```text\nCopyright 2011-2018, Chef Software, Inc.\nCopyright 2010, VMware, Inc.\nCopyright 2011, Business Intelligence Associates, Inc\nCopyright 2012, Nordstrom, Inc.\n\nLicensed under the Apache License, Version 2.0 (the \"License\");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\n http://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an \"AS IS\" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.\n```\n" }, { "path": "TESTING.md", "content": "Please refer to\n\n" }, { "path": "appveyor.yml", "content": "environment:\n machine_user: vagrant\n machine_pass: vagrant\n KITCHEN_YAML: kitchen.appveyor.yml\n CHEF_LICENSE: accept\n\nbranches:\n only:\n - master\n\n# Do not build on tags (GitHub only)\nskip_tags: true\n\n#faster cloning\nclone_depth: 1\n\n# Install the latest nightly of Chef Workstation\ninstall:\n - ps: (& cmd /c); iex (irm https://omnitruck.chef.io/install.ps1); Install-Project -Project chef-workstation -channel current\n - ps: 'Get-CimInstance win32_operatingsystem -Property Caption, OSArchitecture, Version | fl Caption, OSArchitecture, Version'\n - ps: $PSVersionTable\n - c:\\opscode\\chef-workstation\\bin\\chef-cli.bat exec ruby --version\n - ps: secedit /export /cfg $env:temp/export.cfg\n - ps: ((get-content $env:temp/export.cfg) -replace ('PasswordComplexity = 1', 'PasswordComplexity = 0')) | Out-File $env:temp/export.cfg\n - ps: ((get-content $env:temp/export.cfg) -replace ('MinimumPasswordLength = 8', 'MinimumPasswordLength = 0')) | Out-File $env:temp/export.cfg\n - ps: secedit /configure /db $env:windir/security/new.sdb /cfg $env:temp/export.cfg /areas SECURITYPOLICY\n - ps: net user /add $env:machine_user $env:machine_pass\n - ps: net localgroup administrators $env:machine_user /add\n\nbuild_script:\n - ps: c:\\opscode\\chef-workstation\\bin\\chef-cli.bat shell-init powershell | iex; cmd /c c:\\opscode\\chef-workstation\\bin\\chef-cli.bat --version\n\ntest_script:\n - c:\\opscode\\chef-workstation\\bin\\chef-cli.bat exec kitchen verify\n\ndeploy: off\n" }, { "path": "chefignore", "content": "# Put files/directories that should be ignored in this file when uploading\n# to a Chef Infra Server or Supermarket.\n# Lines that start with '# ' are comments.\n\n# OS generated files #\n######################\n.DS_Store\nehthumbs.db\nIcon?\nnohup.out\nThumbs.db\n.envrc\n\n# EDITORS #\n###########\n.#*\n.project\n.settings\n*_flymake\n*_flymake.*\n*.bak\n*.sw[a-z]\n*.tmproj\n*~\n\\#*\nREVISION\nTAGS*\ntmtags\n.vscode\n.editorconfig\n\n## COMPILED ##\n##############\n*.class\n*.com\n*.dll\n*.exe\n*.o\n*.pyc\n*.so\n*/rdoc/\na.out\nmkmf.log\n\n# Testing #\n###########\n.circleci/*\n.codeclimate.yml\n.delivery/*\n.foodcritic\n.kitchen*\n.mdlrc\n.overcommit.yml\n.rspec\n.rubocop.yml\n.travis.yml\n.watchr\n.yamllint\nazure-pipelines.yml\nDangerfile\nexamples/*\nfeatures/*\nGuardfile\nkitchen.yml*\nmlc_config.json\nProcfile\nRakefile\nspec/*\ntest/*\n\n# SCM #\n#######\n.git\n.gitattributes\n.gitconfig\n.github/*\n.gitignore\n.gitkeep\n.gitmodules\n.svn\n*/.bzr/*\n*/.git\n*/.hg/*\n*/.svn/*\n\n# Berkshelf #\n#############\nBerksfile\nBerksfile.lock\ncookbooks/*\ntmp\n\n# Bundler #\n###########\nvendor/*\nGemfile\nGemfile.lock\n\n# Policyfile #\n##############\nPolicyfile.rb\nPolicyfile.lock.json\n\n# Documentation #\n#############\nCODE_OF_CONDUCT*\nCONTRIBUTING*\ndocumentation/*\nTESTING*\nUPGRADING*\n\n# Vagrant #\n###########\n.vagrant\nVagrantfile\n" }, { "path": "kitchen.appveyor.yml", "content": "---\ndriver:\n name: proxy\n host: localhost\n reset_command: \"exit 0\"\n port: 5985\n username: <%= ENV[\"machine_user\"] %>\n password: <%= ENV[\"machine_pass\"] %>\n\ntransport:\n name: winrm\n elevated: true\n\nprovisioner:\n name: chef_zero\n deprecations_as_errors: true\n product_name: chef\n product_version: 14.7\n\nplatforms:\n - name: windows-2012R2\n\nverifier:\n name: inspec\n\nsuites:\n - name: http_acl\n run_list:\n - recipe[test::http_acl]\n - name: user_privilege\n run_list:\n - recipe[test::user_privilege]\n - name: schannel\n run_list:\n - recipe[test::schannel]\n" }, { "path": "kitchen.yml", "content": "driver:\n name: vagrant\n customize:\n cpus: 2\n memory: 4096\n\ntransport:\n name: winrm\n elevated: true\n\nprovisioner:\n name: chef_zero\n deprecations_as_errors: true\n product_name: chef\n product_version: 14.7\n\nverifier:\n name: inspec\n\nplatforms:\n - name: windows-8.1\n driver:\n box: chef/windows-8.1-enterprise\n - name: windows-10\n driver:\n box: chef/windows-10-enterprise\n - name: windows-2012r2\n driver:\n box: tas50/windows_2012r2\n - name: windows-2016\n driver:\n box: tas50/windows_2016\n - name: windows-2019\n driver:\n box: tas50/windows_2019\n\nsuites:\n - name: http_acl\n run_list:\n - recipe[test::http_acl]\n - name: schannel\n run_list:\n - recipe[test::schannel]\n - name: zipfile\n run_list:\n - recipe[test::zipfile]\n - name: user_privilege\n run_list:\n - recipe[test::user_privilege]\n - name: everything\n run_list:\n - recipe[test::everything]\n" }, { "path": "libraries/powershell_helper.rb", "content": "#\n# Author:: Seth Chisamore ()\n# Cookbook:: windows\n# Library:: powershell_helper\n#\n# Copyright:: 2011-2018, Chef Software, Inc.\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you may not use this file except in compliance with the License.\n# You may obtain a copy of the License at\n#\n# http://www.apache.org/licenses/LICENSE-2.0\n#\n# Unless required by applicable law or agreed to in writing, software\n# distributed under the License is distributed on an \"AS IS\" BASIS,\n# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n# See the License for the specific language governing permissions and\n# limitations under the License.\n#\n\nrequire 'chef/mixin/shell_out'\n\nmodule Powershell\n module Helper\n include Chef::Mixin::ShellOut\n\n def powershell_installed?\n !powershell_version.nil?\n end\n\n def interpreter\n # force 64-bit powershell from 32-bit ruby process\n if ::File.exist?(\"#{ENV['WINDIR']}\\\\sysnative\\\\WindowsPowershell\\\\v1.0\\\\powershell.exe\")\n \"#{ENV['WINDIR']}\\\\sysnative\\\\WindowsPowershell\\\\v1.0\\\\powershell.exe\"\n elsif ::File.exist?(\"#{ENV['WINDIR']}\\\\system32\\\\WindowsPowershell\\\\v1.0\\\\powershell.exe\")\n \"#{ENV['WINDIR']}\\\\system32\\\\WindowsPowershell\\\\v1.0\\\\powershell.exe\"\n else\n 'powershell.exe'\n end\n end\n\n def powershell_version\n cmd = shell_out(\"#{interpreter} -InputFormat none -Command \\\"& echo $PSVersionTable.psversion.major\\\"\")\n if cmd.stdout.empty? # PowerShell 1.0 doesn't have a $PSVersionTable\n 1\n elsif cmd.stdout =~ /^(\\d+)/\n Regexp.last_match(1).to_i\n end\n rescue Errno::ENOENT\n nil\n end\n end\nend\n" }, { "path": "libraries/registry_helper.rb", "content": "#\n# Author:: Doug MacEachern ()\n# Author:: Seth Chisamore ()\n# Author:: Paul Morton ()\n# Cookbook:: windows\n# Library:: registry_helper\n#\n# Copyright:: 2010-2017, VMware, Inc.\n# Copyright:: 2011-2018, Chef Software, Inc.\n# Copyright:: 2011-2017, Business Intelligence Associates, Inc\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you may not use this file except in compliance with the License.\n# You may obtain a copy of the License at\n#\n# http://www.apache.org/licenses/LICENSE-2.0\n#\n# Unless required by applicable law or agreed to in writing, software\n# distributed under the License is distributed on an \"AS IS\" BASIS,\n# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n# See the License for the specific language governing permissions and\n# limitations under the License.\n#\n\nif RUBY_PLATFORM =~ /mswin|mingw32|windows/\n require 'win32/registry'\n require_relative 'wmi_helper'\nend\n\nmodule Windows\n module RegistryHelper\n @@native_registry_constant = if ENV['PROCESSOR_ARCHITECTURE'] == 'AMD64' ||\n ENV['PROCESSOR_ARCHITEW6432'] == 'AMD64'\n 0x0100\n else\n 0x0200\n end\n\n def get_hive_name(path)\n Chef::Log.debug('Resolving registry shortcuts to full names')\n\n reg_path = path.split('\\\\')\n hive_name = reg_path.shift\n\n hkey = {\n 'HKLM' => 'HKEY_LOCAL_MACHINE',\n 'HKCU' => 'HKEY_CURRENT_USER',\n 'HKU' => 'HKEY_USERS',\n }[hive_name] || hive_name\n\n Chef::Log.debug(\"Hive resolved to #{hkey}\")\n hkey\n end\n\n def get_hive(path)\n Chef::Log.debug(\"Getting hive for #{path}\")\n reg_path = path.split('\\\\')\n hive_name = reg_path.shift\n\n hkey = get_hive_name(path)\n\n hive = {\n 'HKEY_LOCAL_MACHINE' => ::Win32::Registry::HKEY_LOCAL_MACHINE,\n 'HKEY_USERS' => ::Win32::Registry::HKEY_USERS,\n 'HKEY_CURRENT_USER' => ::Win32::Registry::HKEY_CURRENT_USER,\n }[hkey]\n\n unless hive\n raise(\"Unsupported registry hive '#{hive_name}'\")\n end\n\n Chef::Log.debug(\"Registry hive resolved to #{hkey}\")\n hive\n end\n\n def unload_hive(path)\n hive = get_hive(path)\n if hive == ::Win32::Registry::HKEY_USERS\n reg_path = path.split('\\\\')\n priv = Chef::WindowsPrivileged.new\n begin\n priv.reg_unload_key(reg_path[1])\n rescue\n end\n end\n end\n\n def set_value(mode, path, values, type = nil)\n hive, reg_path, hive_name, root_key, hive_loaded = get_reg_path_info(path)\n key_name = reg_path.join('\\\\')\n\n Chef::Log.debug(\"Creating #{path}\")\n\n create_key(path) unless key_exists?(path, true)\n\n hive.send(mode, key_name, ::Win32::Registry::KEY_ALL_ACCESS | @@native_registry_constant) do |reg|\n changed_something = false\n values.each do |k, val|\n key = k.to_s # wtf. avoid \"can't modify frozen string\" in win32/registry.rb\n cur_val = nil\n begin\n cur_val = reg[key]\n rescue\n # subkey does not exist (ok)\n end\n\n next unless cur_val != val\n\n Chef::Log.debug(\"setting #{key}=#{val}\")\n\n type = :string if type.nil?\n\n reg_type = {\n binary: ::Win32::Registry::REG_BINARY,\n string: ::Win32::Registry::REG_SZ,\n multi_string: ::Win32::Registry::REG_MULTI_SZ,\n expand_string: ::Win32::Registry::REG_EXPAND_SZ,\n dword: ::Win32::Registry::REG_DWORD,\n dword_big_endian: ::Win32::Registry::REG_DWORD_BIG_ENDIAN,\n qword: ::Win32::Registry::REG_QWORD,\n }[type]\n\n reg.write(key, reg_type, val)\n\n ensure_hive_unloaded(hive_loaded)\n\n changed_something = true\n end\n return changed_something\n end\n false\n end\n\n def get_value(path, value)\n hive, reg_path, hive_name, root_key, hive_loaded = get_reg_path_info(path)\n key = reg_path.join('\\\\')\n\n hive.open(key, ::Win32::Registry::KEY_ALL_ACCESS | @@native_registry_constant) do |reg|\n begin\n return reg[value]\n rescue\n return nil\n ensure\n ensure_hive_unloaded(hive_loaded)\n end\n end\n end\n\n def get_values(path)\n hive, reg_path, hive_name, root_key, hive_loaded = get_reg_path_info(path)\n key = reg_path.join('\\\\')\n hive.open(key, ::Win32::Registry::KEY_ALL_ACCESS | @@native_registry_constant) do |reg|\n values = []\n begin\n reg.each_value do |name, type, data|\n values << [name, type, data]\n end\n rescue\n ensure\n ensure_hive_unloaded(hive_loaded)\n end\n values\n end\n end\n\n def delete_value(path, values)\n hive, reg_path, hive_name, root_key, hive_loaded = get_reg_path_info(path)\n key = reg_path.join('\\\\')\n Chef::Log.debug(\"Deleting values in #{path}\")\n hive.open(key, ::Win32::Registry::KEY_ALL_ACCESS | @@native_registry_constant) do |reg|\n values.each_key do |key|\n name = key.to_s\n # Ensure delete operation is idempotent.\n if value_exists?(path, key)\n Chef::Log.debug(\"Deleting value #{name} in #{path}\")\n reg.delete_value(name)\n else\n Chef::Log.debug(\"Value #{name} in #{path} does not exist, skipping.\")\n end\n end\n end\n end\n\n def create_key(path)\n hive, reg_path, hive_name, root_key, hive_loaded = get_reg_path_info(path)\n key = reg_path.join('\\\\')\n Chef::Log.debug(\"Creating registry key #{path}\")\n hive.create(key)\n end\n\n def value_exists?(path, value)\n if key_exists?(path, true)\n\n hive, reg_path, hive_name, root_key, hive_loaded = get_reg_path_info(path)\n key = reg_path.join('\\\\')\n\n Chef::Log.debug(\"Attempting to open #{key}\")\n Chef::Log.debug(\"Native Constant #{@@native_registry_constant}\")\n Chef::Log.debug(\"Hive #{hive}\")\n\n hive.open(key, ::Win32::Registry::KEY_READ | @@native_registry_constant) do |reg|\n begin\n rtn_value = reg[value]\n return true\n rescue\n return false\n ensure\n ensure_hive_unloaded(hive_loaded)\n end\n end\n\n end\n false\n end\n\n # TODO: Does not load user registry...\n def key_exists?(path, load_hive = false)\n if load_hive\n hive, reg_path, hive_name, root_key, hive_loaded = get_reg_path_info(path)\n key = reg_path.join('\\\\')\n else\n hive = get_hive(path)\n reg_path = path.split('\\\\')\n hive_name = reg_path.shift\n root_key = reg_path[0]\n key = reg_path.join('\\\\')\n hive_loaded = false\n end\n\n begin\n hive.open(key, ::Win32::Registry::Constants::KEY_READ | @@native_registry_constant)\n true\n rescue\n false\n ensure\n ensure_hive_unloaded(hive_loaded)\n end\n end\n\n def get_user_hive_location(sid)\n reg_key = \"HKLM\\\\SOFTWARE\\\\Microsoft\\\\Windows NT\\\\CurrentVersion\\\\ProfileList\\\\#{sid}\"\n Chef::Log.debug(\"Looking for profile at #{reg_key}\")\n if key_exists?(reg_key)\n get_value(reg_key, 'ProfileImagePath')\n end\n end\n\n def resolve_user_to_sid(username)\n user_query = execute_wmi_query(\"select * from Win32_UserAccount where Name='#{username}'\")\n sid = nil\n\n user_query.each do |user|\n sid = wmi_object_property(user, 'sid')\n break\n end\n\n Chef::Log.debug(\"Resolved user SID to #{sid}\")\n sid\n rescue\n nil\n end\n\n def hive_loaded?(path)\n hive = get_hive(path)\n reg_path = path.split('\\\\')\n hive_name = reg_path.shift\n user_hive = path[0]\n\n if user_hive?(hive)\n key_exists?(\"#{hive_name}\\\\#{user_hive}\")\n else\n true\n end\n end\n\n def user_hive?(hive)\n hive == ::Win32::Registry::HKEY_USERS\n end\n\n def get_reg_path_info(path)\n hive = get_hive(path)\n reg_path = path.split('\\\\')\n hive_name = reg_path.shift\n root_key = reg_path[0]\n hive_loaded = false\n\n if user_hive?(hive) && !key_exists?(\"#{hive_name}\\\\#{root_key}\")\n reg_path, hive_loaded = load_user_hive(hive, reg_path, root_key)\n root_key = reg_path[0]\n Chef::Log.debug(\"Resolved user (#{path}) to (#{reg_path.join('/')})\")\n end\n\n [hive, reg_path, hive_name, root_key, hive_loaded]\n end\n\n def load_user_hive(hive, reg_path, user_hive)\n Chef::Log.debug(\"Reg Path #{reg_path}\")\n # See if the hive is loaded. Logged in users will have a key that is named their SID\n # if the user has specified the a path by SID and the user is logged in, this function\n # should not be executed.\n if user_hive?(hive) && !key_exists?(\"HKU\\\\#{user_hive}\")\n Chef::Log.debug('The user is not logged in and has not been specified by SID')\n sid = resolve_user_to_sid(user_hive)\n Chef::Log.debug(\"User SID resolved to (#{sid})\")\n # Now that the user has been resolved to a SID, check and see if the hive exists.\n # If this exists by SID, the user is logged in and we should use that key.\n # TODO: Replace the username with the sid and send it back because the username\n # does not exist as the key location.\n load_reg = false\n if key_exists?(\"HKU\\\\#{sid}\")\n reg_path[0] = sid # use the active profile (user is logged on)\n Chef::Log.debug(\"HKEY_USERS Mapped: #{user_hive} -> #{sid}\")\n else\n Chef::Log.debug('User is not logged in')\n load_reg = true\n end\n\n # The user is not logged in, so we should load the registry from disk\n if load_reg\n profile_path = get_user_hive_location(sid)\n unless profile_path.nil?\n ntuser_dat = \"#{profile_path}\\\\NTUSER.DAT\"\n if ::File.exist?(ntuser_dat)\n priv = Chef::WindowsPrivileged.new\n if priv.reg_load_key(sid, ntuser_dat)\n Chef::Log.debug(\"RegLoadKey(#{sid}, #{user_hive}, #{ntuser_dat})\")\n reg_path[0] = sid\n else\n Chef::Log.debug(\"Failed RegLoadKey(#{sid}, #{user_hive}, #{ntuser_dat})\")\n end\n end\n end\n end\n end\n\n [reg_path, load_reg]\n end\n\n private\n\n def ensure_hive_unloaded(hive_loaded = false)\n if hive_loaded\n Chef::Log.debug('Hive was loaded, we really should unload it')\n unload_hive(path)\n end\n end\n end\nend\n\nmodule Registry\n module_function # rubocop: disable Lint/UselessAccessModifier\n\n extend Windows::RegistryHelper\nend\n" }, { "path": "libraries/version.rb", "content": "#\n# Author:: Seth Chisamore ()\n# Cookbook:: windows\n# Library:: version\n#\n# Copyright:: 2011-2018, Chef Software, Inc.\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you may not use this file except in compliance with the License.\n# You may obtain a copy of the License at\n#\n# http://www.apache.org/licenses/LICENSE-2.0\n#\n# Unless required by applicable law or agreed to in writing, software\n# distributed under the License is distributed on an \"AS IS\" BASIS,\n# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n# See the License for the specific language governing permissions and\n# limitations under the License.\n#\n\nif RUBY_PLATFORM =~ /mswin|mingw32|windows/\n require_relative 'wmi_helper'\nend\n\nmodule Windows\n class Version\n # http://msdn.microsoft.com/en-us/library/ms724833(v=vs.85).aspx\n\n # Suite Masks\n # Microsoft BackOffice components are installed.\n VER_SUITE_BACKOFFICE = 0x00000004 unless defined?(VER_SUITE_BACKOFFICE)\n # Windows Server 2008 Datacenter, Windows Server 2003, Datacenter Edition, or Windows 2000 Datacenter Server is installed.\n VER_SUITE_DATACENTER = 0x00000080 unless defined?(VER_SUITE_DATACENTER)\n # Windows Server 2008 Enterprise, Windows Server 2003, Enterprise Edition, or Windows 2000 Advanced Server is installed. Refer to the Remarks section for more information about this bit flag.\n VER_SUITE_ENTERPRISE = 0x00000002 unless defined?(VER_SUITE_ENTERPRISE)\n # Windows XP Embedded is installed.\n VER_SUITE_EMBEDDEDNT = 0x00000040 unless defined?(VER_SUITE_EMBEDDEDNT)\n # Windows Vista Home Premium, Windows Vista Home Basic, or Windows XP Home Edition is installed.\n VER_SUITE_PERSONAL = 0x00000200 unless defined?(VER_SUITE_PERSONAL)\n # Remote Desktop is supported, but only one interactive session is supported. This value is set unless the system is running in application server mode.\n VER_SUITE_SINGLEUSERTS = 0x00000100 unless defined?(VER_SUITE_SINGLEUSERTS)\n # Microsoft Small Business Server was once installed on the system, but may have been upgraded to another version of Windows. Refer to the Remarks section for more information about this bit flag.\n VER_SUITE_SMALLBUSINESS = 0x00000001 unless defined?(VER_SUITE_SMALLBUSINESS)\n # Microsoft Small Business Server is installed with the restrictive client license in force. Refer to the Remarks section for more information about this bit flag.\n VER_SUITE_SMALLBUSINESS_RESTRICTED = 0x00000020 unless defined?(VER_SUITE_SMALLBUSINESS_RESTRICTED)\n # Terminal Services is installed. This value is always set.\n # If VER_SUITE_TERMINAL is set but VER_SUITE_SINGLEUSERTS is not set, the system is running in application server mode.\n VER_SUITE_TERMINAL = 0x00000010 unless defined?(VER_SUITE_TERMINAL)\n # Windows Home Server is installed.\n VER_SUITE_WH_SERVER = 0x00008000 unless defined?(VER_SUITE_WH_SERVER)\n\n # Product Type\n # The system is a domain controller and the operating system is Windows Server 2012, Windows Server 2008 R2, Windows Server 2008, Windows Server 2003, or Windows 2000 Server.\n VER_NT_DOMAIN_CONTROLLER = 0x0000002 unless defined?(VER_NT_DOMAIN_CONTROLLER)\n # The operating system is Windows Server 2012, Windows Server 2008 R2, Windows Server 2008, Windows Server 2003, or Windows 2000 Server.\n # Note that a server that is also a domain controller is reported as VER_NT_DOMAIN_CONTROLLER, not VER_NT_SERVER.\n VER_NT_SERVER = 0x0000003 unless defined?(VER_NT_SERVER)\n # The operating system is Windows 7, Windows Vista, Windows XP Professional, Windows XP Home Edition, or Windows 2000 Professional.\n VER_NT_WORKSTATION = 0x0000001 unless defined?(VER_NT_WORKSTATION)\n\n # http://msdn.microsoft.com/en-us/library/ms724358(v=vs.85).aspx\n SKU = {\n 0x00000006 => { ms_const: 'PRODUCT_BUSINESS', name: 'Business' },\n 0x00000010 => { ms_const: 'PRODUCT_BUSINESS_N', name: 'Business N' },\n 0x00000012 => { ms_const: 'PRODUCT_CLUSTER_SERVER', name: 'HPC Edition' },\n 0x00000008 => { ms_const: 'PRODUCT_DATACENTER_SERVER', name: 'Server Datacenter (full installation)' },\n 0x0000000C => { ms_const: 'PRODUCT_DATACENTER_SERVER_CORE', name: 'Server Datacenter (core installation)' },\n 0x00000027 => { ms_const: 'PRODUCT_DATACENTER_SERVER_CORE_V', name: 'Server Datacenter without Hyper-V (core installation)' },\n 0x00000025 => { ms_const: 'PRODUCT_DATACENTER_SERVER_V', name: 'Server Datacenter without Hyper-V (full installation)' },\n 0x00000004 => { ms_const: 'PRODUCT_ENTERPRISE', name: 'Enterprise' },\n 0x00000046 => { ms_const: 'PRODUCT_ENTERPRISE_E', name: 'Not supported' },\n 0x0000001B => { ms_const: 'PRODUCT_ENTERPRISE_N', name: 'Enterprise N' },\n 0x0000000A => { ms_const: 'PRODUCT_ENTERPRISE_SERVER', name: 'Server Enterprise (full installation)' },\n 0x0000000E => { ms_const: 'PRODUCT_ENTERPRISE_SERVER_CORE', name: 'Server Enterprise (core installation)' },\n 0x00000029 => { ms_const: 'PRODUCT_ENTERPRISE_SERVER_CORE_V', name: 'Server Enterprise without Hyper-V (core installation)' },\n 0x0000000F => { ms_const: 'PRODUCT_ENTERPRISE_SERVER_IA64', name: 'Server Enterprise for Itanium-based Systems' },\n 0x00000026 => { ms_const: 'PRODUCT_ENTERPRISE_SERVER_V', name: 'Server Enterprise without Hyper-V (full installation)' },\n 0x00000002 => { ms_const: 'PRODUCT_HOME_BASIC', name: 'Home Basic' },\n 0x00000043 => { ms_const: 'PRODUCT_HOME_BASIC_E', name: 'Not supported' },\n 0x00000005 => { ms_const: 'PRODUCT_HOME_BASIC_N', name: 'Home Basic N' },\n 0x00000003 => { ms_const: 'PRODUCT_HOME_PREMIUM', name: 'Home Premium' },\n 0x00000044 => { ms_const: 'PRODUCT_HOME_PREMIUM_E', name: 'Not supported' },\n 0x0000001A => { ms_const: 'PRODUCT_HOME_PREMIUM_N', name: 'Home Premium N' },\n 0x0000002A => { ms_const: 'PRODUCT_HYPERV', name: 'Microsoft Hyper-V Server' },\n 0x0000001E => { ms_const: 'PRODUCT_MEDIUMBUSINESS_SERVER_MANAGEMENT', name: 'Windows Essential Business Server Management Server' },\n 0x00000020 => { ms_const: 'PRODUCT_MEDIUMBUSINESS_SERVER_MESSAGING', name: 'Windows Essential Business Server Messaging Server' },\n 0x0000001F => { ms_const: 'PRODUCT_MEDIUMBUSINESS_SERVER_SECURITY', name: 'Windows Essential Business Server Security Server' },\n 0x00000030 => { ms_const: 'PRODUCT_PROFESSIONAL', name: 'Professional' },\n 0x00000045 => { ms_const: 'PRODUCT_PROFESSIONAL_E', name: 'Not supported' },\n 0x00000031 => { ms_const: 'PRODUCT_PROFESSIONAL_N', name: 'Professional N' },\n 0x00000067 => { ms_const: 'PRODUCT_PROFESSIONAL_WMC', name: 'Professional with Media Center' },\n 0x00000018 => { ms_const: 'PRODUCT_SERVER_FOR_SMALLBUSINESS', name: 'Windows Server 2008 for Windows Essential Server Solutions' },\n 0x00000023 => { ms_const: 'PRODUCT_SERVER_FOR_SMALLBUSINESS_V', name: 'Windows Server 2008 without Hyper-V for Windows Essential Server Solutions' },\n 0x00000021 => { ms_const: 'PRODUCT_SERVER_FOUNDATION', name: 'Server Foundation' },\n 0x00000022 => { ms_const: 'PRODUCT_HOME_PREMIUM_SERVER', name: 'Windows Home Server 2011' },\n 0x00000032 => { ms_const: 'PRODUCT_SB_SOLUTION_SERVER', name: 'Windows Small Business Server 2011 Essentials' },\n 0x00000013 => { ms_const: 'PRODUCT_HOME_SERVER', name: 'Windows Storage Server 2008 R2 Essentials' },\n 0x00000009 => { ms_const: 'PRODUCT_SMALLBUSINESS_SERVER', name: 'Windows Small Business Server' },\n 0x00000038 => { ms_const: 'PRODUCT_SOLUTION_EMBEDDEDSERVER', name: 'Windows MultiPoint Server' },\n 0x00000007 => { ms_const: 'PRODUCT_STANDARD_SERVER', name: 'Server Standard (full installation)' },\n 0x0000000D => { ms_const: 'PRODUCT_STANDARD_SERVER_CORE', name: 'Server Standard (core installation)' },\n 0x00000028 => { ms_const: 'PRODUCT_STANDARD_SERVER_CORE_V', name: 'Server Standard without Hyper-V (core installation)' },\n 0x00000024 => { ms_const: 'PRODUCT_STANDARD_SERVER_V', name: 'Server Standard without Hyper-V (full installation)' },\n 0x0000000B => { ms_const: 'PRODUCT_STARTER', name: 'Starter' },\n 0x00000042 => { ms_const: 'PRODUCT_STARTER_E', name: 'Not supported' },\n 0x0000002F => { ms_const: 'PRODUCT_STARTER_N', name: 'Starter N' },\n 0x00000017 => { ms_const: 'PRODUCT_STORAGE_ENTERPRISE_SERVER', name: 'Storage Server Enterprise' },\n 0x00000014 => { ms_const: 'PRODUCT_STORAGE_EXPRESS_SERVER', name: 'Storage Server Express' },\n 0x00000015 => { ms_const: 'PRODUCT_STORAGE_STANDARD_SERVER', name: 'Storage Server Standard' },\n 0x00000016 => { ms_const: 'PRODUCT_STORAGE_WORKGROUP_SERVER', name: 'Storage Server Workgroup' },\n 0x00000000 => { ms_const: 'PRODUCT_UNDEFINED', name: 'An unknown product' },\n 0x00000001 => { ms_const: 'PRODUCT_ULTIMATE', name: 'Ultimate' },\n 0x00000047 => { ms_const: 'PRODUCT_ULTIMATE_E', name: 'Not supported' },\n 0x0000001C => { ms_const: 'PRODUCT_ULTIMATE_N', name: 'Ultimate N' },\n 0x00000011 => { ms_const: 'PRODUCT_WEB_SERVER', name: 'Web Server (full installation)' },\n 0x0000001D => { ms_const: 'PRODUCT_WEB_SERVER_CORE', name: 'Web Server (core installation)' },\n }.freeze unless defined?(SKU)\n\n attr_reader :major_version, :minor_version, :build_number, :service_pack_major_version, :service_pack_minor_version\n attr_reader :version, :product_type, :product_suite, :sku\n\n def initialize\n unless RUBY_PLATFORM =~ /mswin|mingw32|windows/\n raise NotImplementedError, 'only valid on Windows platform'\n end\n @version, @product_type, @product_suite, @sku, @service_pack_major_version, @service_pack_minor_version = get_os_info\n @major_version, @minor_version, @build_number = version.split('.').map(&:to_i)\n end\n\n WIN_VERSIONS = {\n 'Windows 10' => { major: 10, minor: 0, callable: -> { @product_type != VER_NT_WORKSTATION } },\n 'Windows Server 2012 R2' => { major: 6, minor: 3, callable: -> { @product_type != VER_NT_WORKSTATION } },\n 'Windows 8' => { major: 6, minor: 2, callable: -> { @product_type == VER_NT_WORKSTATION } },\n 'Windows Server 2012' => { major: 6, minor: 2, callable: -> { @product_type != VER_NT_WORKSTATION } },\n 'Windows 7' => { major: 6, minor: 1, callable: -> { @product_type == VER_NT_WORKSTATION } },\n 'Windows Server 2008 R2' => { major: 6, minor: 1, callable: -> { @product_type != VER_NT_WORKSTATION } },\n 'Windows Server 2008' => { major: 6, minor: 0, callable: -> { @product_type != VER_NT_WORKSTATION } },\n 'Windows Vista' => { major: 6, minor: 0, callable: -> { @product_type == VER_NT_WORKSTATION } },\n 'Windows Home Server' => { major: 5, minor: 2, callable: -> { (@product_suite & VER_SUITE_WH_SERVER) == VER_SUITE_WH_SERVER } },\n 'Windows XP' => { major: 5, minor: 1 },\n 'Windows 2000' => { major: 5, minor: 0 },\n }.freeze unless defined?(WIN_VERSIONS)\n\n marketing_names = []\n\n # General Windows checks\n WIN_VERSIONS.each do |k, v|\n method_name = \"#{k.gsub(/\\s/, '_').downcase}?\"\n define_method(method_name) do\n (@major_version == v[:major]) &&\n (@minor_version == v[:minor]) &&\n (v[:callable] ? v[:callable].call : true)\n end\n marketing_names << [k, method_name]\n end\n\n define_method(:marketing_name) do\n marketing_names.each do |mn|\n break mn[0] if send(mn[1])\n end\n end\n\n # Server Type checks\n %w( core full datacenter ).each do |m|\n define_method(\"server_#{m}?\") do\n if @sku\n !(SKU[@sku][:name] =~ /#{m}/i).nil?\n else\n false\n end\n end\n end\n\n private\n\n # query WMI Win32_OperatingSystem for required OS info\n def get_os_info\n cols = %w( Version ProductType OSProductSuite OperatingSystemSKU ServicePackMajorVersion ServicePackMinorVersion )\n os_info = execute_wmi_query('select * from Win32_OperatingSystem').each.next\n cols.map do |c|\n begin\n wmi_object_property(os_info, c)\n rescue # OperatingSystemSKU doesn't exist in all versions of Windows\n nil\n end\n end\n end\n end\nend\n" }, { "path": "libraries/version_helper.rb", "content": "#\n# Cookbook:: windows\n# Library:: version_helper\n# Author:: Baptiste Courtois ()\n#\n# Copyright:: 2015-2017, Criteo\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you may not use this file except in compliance with the License.\n# You may obtain a copy of the License at\n#\n# http://www.apache.org/licenses/LICENSE-2.0\n#\n# Unless required by applicable law or agreed to in writing, software\n# distributed under the License is distributed on an \"AS IS\" BASIS,\n# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n# See the License for the specific language governing permissions and\n# limitations under the License.\n#\nmodule Windows\n # Module based on windows ohai kernel.cs_info providing version helpers\n module VersionHelper\n # Module referencing CORE SKU contants from product type\n # see. https://msdn.microsoft.com/windows/desktop/ms724358#PRODUCT_DATACENTER_SERVER_CORE\n # n.b. Prefix - PRODUCT_ - and suffix - _CORE- have been removed\n module CoreSKU\n # Server Datacenter Core\n DATACENTER_SERVER = 0x0C unless constants.include?(:DATACENTER_SERVER)\n # Server Datacenter without Hyper-V Core\n DATACENTER_SERVER_V = 0x27 unless constants.include?(:DATACENTER_SERVER_V)\n # Server Enterprise Core\n ENTERPRISE_SERVER = 0x0E unless constants.include?(:ENTERPRISE_SERVER)\n # Server Enterprise without Hyper-V Core\n ENTERPRISE_SERVER_V = 0x29 unless constants.include?(:ENTERPRISE_SERVER_V)\n # Server Standard Core\n STANDARD_SERVER = 0x0D unless constants.include?(:STANDARD_SERVER)\n # Server Standard without Hyper-V Core\n STANDARD_SERVER_V = 0x28 unless constants.include?(:STANDARD_SERVER_V)\n # Small Business Server Premium Core\n PRODUCT_SMALLBUSINESS_SERVER_PREMIUM_CORE = 0x3F unless constants.include?(:PRODUCT_SMALLBUSINESS_SERVER_PREMIUM_CORE)\n # Server Solutions Premium Core\n STANDARD_SERVER_SOLUTIONS = 0x35 unless constants.include?(:STANDARD_SERVER_SOLUTIONS)\n # Storage Server Enterprise Core\n STORAGE_ENTERPRISE_SERVER = 0x2E unless constants.include?(:STORAGE_ENTERPRISE_SERVER)\n # Storage Server Express Core\n STORAGE_EXPRESS_SERVER = 0x2B unless constants.include?(:STORAGE_EXPRESS_SERVER)\n # Storage Server Standard Core\n STORAGE_STANDARD_SERVER = 0x2C unless constants.include?(:STORAGE_STANDARD_SERVER)\n # Storage Server Workgroup Core\n STORAGE_WORKGROUP_SERVER = 0x2D unless constants.include?(:STORAGE_WORKGROUP_SERVER)\n # Web Server Core\n WEB_SERVER = 0x1D unless constants.include?(:WEB_SERVER)\n end\n\n # Module referencing product type contants\n # see. https://msdn.microsoft.com/windows/desktop/ms724833#VER_NT_SERVER\n # n.b. Prefix - VER_NT_ - has been removed\n module ProductType\n WORKSTATION = 0x1 unless constants.include?(:WORKSTATION)\n DOMAIN_CONTROLLER = 0x2 unless constants.include?(:DOMAIN_CONTROLLER)\n SERVER = 0x3 unless constants.include?(:SERVER)\n end\n\n # Determines whether current node is running a windows Core version\n def self.core_version?(node)\n validate_platform node\n\n CoreSKU.constants.any? { |c| CoreSKU.const_get(c) == node['kernel']['os_info']['operating_system_sku'] }\n end\n\n # Determines whether current node is a workstation version\n def self.workstation_version?(node)\n validate_platform node\n node['kernel']['os_info']['product_type'] == ProductType::WORKSTATION\n end\n\n # Determines whether current node is a server version\n def self.server_version?(node)\n !workstation_version?(node)\n end\n\n # Determines NT version of the current node\n def self.nt_version(node)\n validate_platform node\n\n node['platform_version'].to_f\n end\n\n def self.validate_platform(node)\n raise 'Windows helper are only supported on windows platform!' unless node['platform'] == 'windows'\n end\n end\nend\n" }, { "path": "libraries/windows_helper.rb", "content": "#\n# Author:: Seth Chisamore ()\n# Cookbook:: windows\n# Library:: windows_helper\n#\n# Copyright:: 2011-2018, Chef Software, Inc.\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you may not use this file except in compliance with the License.\n# You may obtain a copy of the License at\n#\n# http://www.apache.org/licenses/LICENSE-2.0\n#\n# Unless required by applicable law or agreed to in writing, software\n# distributed under the License is distributed on an \"AS IS\" BASIS,\n# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n# See the License for the specific language governing permissions and\n# limitations under the License.\n\nrequire 'uri'\nrequire 'chef/exceptions'\nrequire 'openssl'\nrequire 'chef/mixin/powershell_out'\nrequire 'chef/mixin/windows_env_helper'\nrequire 'chef/util/path_helper'\n\nmodule Windows\n module Helper\n AUTO_RUN_KEY = 'HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run'.freeze unless defined?(AUTO_RUN_KEY)\n ENV_KEY = 'HKLM\\SYSTEM\\CurrentControlSet\\Control\\Session Manager\\Environment'.freeze unless defined?(ENV_KEY)\n include Chef::Mixin::WindowsEnvHelper\n\n # returns windows friendly version of the provided path,\n # ensures backslashes are used everywhere\n def win_friendly_path(path)\n Chef::Log.warn('The win_friendly_path helper has been deprecated and will be removed from the next major release of the windows cookbook. Please update any cookbooks using this helper to instead require `chef/util/path_helper` and then use `Chef::Util::PathHelper.cleanpath`.')\n path.gsub(::File::SEPARATOR, ::File::ALT_SEPARATOR || '\\\\') if path\n end\n\n # account for Window's wacky File System Redirector\n # http://msdn.microsoft.com/en-us/library/aa384187(v=vs.85).aspx\n # especially important for 32-bit processes (like Ruby) on a\n # 64-bit instance of Windows.\n def locate_sysnative_cmd(cmd)\n if ::File.exist?(\"#{ENV['WINDIR']}\\\\sysnative\\\\#{cmd}\")\n \"#{ENV['WINDIR']}\\\\sysnative\\\\#{cmd}\"\n elsif ::File.exist?(\"#{ENV['WINDIR']}\\\\system32\\\\#{cmd}\")\n \"#{ENV['WINDIR']}\\\\system32\\\\#{cmd}\"\n else\n cmd\n end\n end\n\n # singleton instance of the Windows Version checker\n def win_version\n @win_version ||= Windows::Version.new\n end\n\n # Helper function to properly parse a URI\n def as_uri(source)\n URI.parse(source)\n rescue URI::InvalidURIError\n Chef::Log.warn(\"#{source} was an invalid URI. Trying to escape invalid characters\")\n URI.parse(URI.escape(source))\n end\n\n # if a file is local it returns a windows friendly path version\n # if a file is remote it caches it locally\n def cached_file(source, checksum = nil, windows_path = true)\n @installer_file_path ||= begin\n\n if source =~ %r{^(file|ftp|http|https):\\/\\/}\n uri = as_uri(source)\n cache_file_path = \"#{Chef::Config[:file_cache_path]}/#{::File.basename(::URI.unescape(uri.path))}\"\n Chef::Log.debug(\"Caching a copy of file #{source} at #{cache_file_path}\")\n remote_file cache_file_path do\n source source\n backup false\n checksum checksum unless checksum.nil?\n end.run_action(:create)\n else\n cache_file_path = source\n end\n\n windows_path ? Chef::Util::PathHelper.cleanpath(cache_file_path) : cache_file_path\n end\n end\n\n # Expands the environment variables\n def expand_env_vars(path)\n # The windows Env provider does not correctly expand variables in\n # the PATH environment variable. Ruby expects these to be expanded.\n # Using Chef::Mixin::WindowsEnvHelper\n expand_path(path)\n end\n\n def is_package_installed?(package_name) # rubocop:disable Naming/PredicateName\n installed_packages.include?(package_name)\n end\n\n def installed_packages\n @installed_packages || begin\n installed_packages = {}\n # Computer\\HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\n installed_packages.merge!(extract_installed_packages_from_key(::Win32::Registry::HKEY_LOCAL_MACHINE)) # rescue nil\n # 64-bit registry view\n # Computer\\HKEY_LOCAL_MACHINE\\Software\\Wow6464Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\n installed_packages.merge!(extract_installed_packages_from_key(::Win32::Registry::HKEY_LOCAL_MACHINE, (::Win32::Registry::Constants::KEY_READ | 0x0100))) # rescue nil\n # 32-bit registry view\n # Computer\\HKEY_LOCAL_MACHINE\\Software\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\n installed_packages.merge!(extract_installed_packages_from_key(::Win32::Registry::HKEY_LOCAL_MACHINE, (::Win32::Registry::Constants::KEY_READ | 0x0200))) # rescue nil\n # Computer\\HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\n installed_packages.merge!(extract_installed_packages_from_key(::Win32::Registry::HKEY_CURRENT_USER)) # rescue nil\n installed_packages\n end\n end\n\n # Returns an array\n def to_array(var)\n var = var.is_a?(Array) ? var : [var]\n var.reject(&:nil?)\n end\n\n private\n\n def extract_installed_packages_from_key(hkey = ::Win32::Registry::HKEY_LOCAL_MACHINE, desired = ::Win32::Registry::Constants::KEY_READ)\n uninstall_subkey = 'Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall'\n packages = {}\n begin\n ::Win32::Registry.open(hkey, uninstall_subkey, desired) do |reg|\n reg.each_key do |key, _wtime|\n begin\n k = reg.open(key, desired)\n display_name = begin\n k['DisplayName']\n rescue\n nil\n end\n version = begin\n k['DisplayVersion']\n rescue\n 'NO VERSION'\n end\n uninstall_string = begin\n k['UninstallString']\n rescue\n nil\n end\n if display_name\n packages[display_name] = { name: display_name,\n version: version,\n uninstall_string: uninstall_string }\n end\n rescue ::Win32::Registry::Error\n end\n end\n end\n rescue ::Win32::Registry::Error\n end\n packages\n end\n end\nend\n\nChef::DSL::Recipe.include Windows::Helper\n" }, { "path": "libraries/windows_privileged.rb", "content": "#\n# Author:: Doug MacEachern \n# Author:: Paul Morton ()\n# Cookbook:: windows\n# Library:: windows_privileged\n#\n# Copyright:: 2010-2017, VMware, Inc.\n# Copyright:: 2011-2017, Business Intelligence Associates, Inc\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you may not use this file except in compliance with the License.\n# You may obtain a copy of the License at\n#\n# http://www.apache.org/licenses/LICENSE-2.0\n#\n# Unless required by applicable law or agreed to in writing, software\n# distributed under the License is distributed on an \"AS IS\" BASIS,\n# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n# See the License for the specific language governing permissions and\n# limitations under the License.\n#\n\n# helpers for Windows API calls that require privilege adjustments\nclass Chef\n class WindowsPrivileged\n # File -> Load Hive... in regedit.exe\n def reg_load_key(name, file)\n load_deps\n\n run(SE_BACKUP_NAME, SE_RESTORE_NAME) do\n rc = RegLoadKey(HKEY_USERS, name.to_s, file)\n if rc == ERROR_SUCCESS\n return true\n elsif rc == ERROR_SHARING_VIOLATION\n return false\n else\n raise get_last_error(rc)\n end\n end\n end\n\n # File -> Unload Hive... in regedit.exe\n def reg_unload_key(name)\n load_deps\n\n run(SE_BACKUP_NAME, SE_RESTORE_NAME) do\n rc = RegUnLoadKey(HKEY_USERS, name.to_s)\n raise get_last_error(rc) if rc != ERROR_SUCCESS\n end\n end\n\n def run(*privileges)\n load_deps\n\n token = [0].pack('L')\n\n unless OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, token)\n raise get_last_error\n end\n token = token.unpack1('L')\n\n privileges.each do |name|\n unless adjust_privilege(token, name, SE_PRIVILEGE_ENABLED)\n raise get_last_error\n end\n end\n\n begin\n yield\n ensure # disable privs\n privileges.each do |name|\n adjust_privilege(token, name, 0)\n end\n end\n end\n\n def adjust_privilege(token, priv, attr = 0)\n load_deps\n\n luid = [0, 0].pack('Ll')\n if LookupPrivilegeValue(nil, priv, luid)\n new_state = [1, luid.unpack('Ll'), attr].flatten.pack('LLlL')\n AdjustTokenPrivileges(token, 0, new_state, new_state.size, 0, 0)\n end\n end\n\n private\n\n def load_deps\n if RUBY_PLATFORM =~ /mswin|mingw32|windows/\n require 'windows/error'\n require 'windows/registry'\n require 'windows/process'\n require 'windows/security'\n\n include Windows::Error\n include Windows::Registry\n include Windows::Process\n include Windows::Security\n end\n end\n end\nend\n" }, { "path": "libraries/wmi_helper.rb", "content": "#\n# Author:: Adam Edwards ()\n# Cookbook:: windows\n# Library:: wmi_helper\n#\n# Copyright:: 2014-2018, Chef Software, Inc.\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you may not use this file except in compliance with the License.\n# You may obtain a copy of the License at\n#\n# http://www.apache.org/licenses/LICENSE-2.0\n#\n# Unless required by applicable law or agreed to in writing, software\n# distributed under the License is distributed on an \"AS IS\" BASIS,\n# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n# See the License for the specific language governing permissions and\n# limitations under the License.\n#\n\nif RUBY_PLATFORM =~ /mswin|mingw32|windows/\n require 'win32ole'\n\n def execute_wmi_query(wmi_query)\n wmi = ::WIN32OLE.connect('winmgmts://')\n result = wmi.ExecQuery(wmi_query)\n return unless result.each.count > 0\n result\n end\n\n def wmi_object_property(wmi_object, wmi_property)\n wmi_object.send(wmi_property)\n end\nend\n" }, { "path": "metadata.rb", "content": "name 'windows'\nmaintainer 'Chef Software, Inc.'\nmaintainer_email 'cookbooks@chef.io'\nlicense 'Apache-2.0'\ndescription 'Provides a set of useful Windows-specific primitives.'\nversion '7.0.2'\nsupports 'windows'\nsource_url 'https://github.com/chef-cookbooks/windows'\nissues_url 'https://github.com/chef-cookbooks/windows/issues'\nchef_version '>= 14.7'\n" }, { "path": "providers/dns.rb", "content": "#\n# Author:: Richard Lavey (richard.lavey@calastone.com)\n# Cookbook:: windows\n# Provider:: dns\n#\n# Copyright:: 2015, Calastone Ltd.\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you may not use this file except in compliance with the License.\n# You may obtain a copy of the License at\n#\n# http://www.apache.org/licenses/LICENSE-2.0\n#\n# Unless required by applicable law or agreed to in writing, software\n# distributed under the License is distributed on an \"AS IS\" BASIS,\n# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n# See the License for the specific language governing permissions and\n# limitations under the License.\n#\n\n# See this for info on DNSCMD\n# https://technet.microsoft.com/en-gb/library/cc772069.aspx#BKMK_10\n\ninclude Windows::Helper\n\naction :create do\n if @current_resource.exists\n needs_change = (@new_resource.record_type != @current_resource.record_type) ||\n (@new_resource.ttl > 0 && @new_resource.ttl != @current_resource.ttl) ||\n (@new_resource.target.is_a?(String) && @new_resource.target != @current_resource.target) ||\n (@new_resource.target.is_a?(Array) && !(@new_resource.target - @current_resource.target).empty?)\n\n if needs_change\n converge_by(\"Changing #{@new_resource.host_name}\") do\n update_dns\n end\n else\n Chef::Log.debug(\"#{@new_resource.host_name} already exists - nothing to do\")\n end\n else\n converge_by(\"Creating #{@new_resource.host_name}\") do\n update_dns\n end\n end\nend\n\naction :delete do\n if @current_resource.exists\n converge_by(\"Deleting #{@current_resource.host_name}\") do\n execute_command! 'recorddelete', \"#{@current_resource.record_type} /f\"\n end\n else\n Chef::Log.debug(\"#{@new_resource.host_name} does not exist - nothing to do\")\n end\nend\n\ndef load_current_resource\n # validate the new resource params : A records should be an array\n if @new_resource.record_type == 'A' && @new_resource.target.is_a?(String)\n raise 'target property must be an array for record_type A'\n end\n\n @current_resource = Chef::Resource::WindowsDns.new(@new_resource.name)\n @current_resource.host_name(@new_resource.host_name)\n @current_resource.dns_server(@new_resource.dns_server)\n\n parts = @current_resource.host_name.scan(/(\\w+)\\.(.*)/)\n @host = parts[0][0]\n @domain = parts[0][1]\n\n fetch_attributes\nend\n\nprivate\n\ndef fetch_attributes\n @command = locate_sysnative_cmd('dnscmd.exe')\n cmd = shell_out(\"#{@command} #{@current_resource.dns_server} /enumrecords #{@domain} #{@host}\")\n Chef::Log.debug \"dnscmd reports: #{cmd.stdout}\"\n\n # extract values from returned text\n if cmd.stdout.include?('DNS_ERROR_NAME_DOES_NOT_EXIST')\n @current_resource.exists = false\n @current_resource.target([])\n elsif cmd.exitstatus == 0\n @current_resource.exists = true\n\n m = cmd.stdout.scan(/(\\d+)\\s(A)\\s+(\\d+\\.\\d+\\.\\d+\\.\\d+)/)\n if m.empty?\n m = cmd.stdout.scan(/(\\d+)\\s(CNAME)\\s+((?:\\w+\\.)+)/)\n if m.empty?\n @current_resource.exists = false\n @current_resource.target([])\n else\n # We have a cname record\n @current_resource.record_type('CNAME')\n @current_resource.ttl(m[0][0].to_i)\n @current_resource.target(m[0][2].chomp('.'))\n end\n else\n # we have A entries\n @current_resource.record_type('A')\n @current_resource.ttl(m[0][0].to_i)\n addresses = []\n m.each do |match|\n addresses.push(match[2])\n end\n @current_resource.target(addresses)\n end\n else\n raise \"dnscmd returned error #{cmd.exitstatus} : #{cmd.stderr} #{cmd.stdout}\"\n end\nend\n\ndef update_dns\n ttl = @new_resource.ttl if @new_resource.ttl > 0\n\n if @current_resource.record_type != @new_resource.record_type\n # delete current record(s) as we're changing the type\n execute_command! 'recorddelete', \"#{@current_resource.record_type} /f\"\n end\n\n if @new_resource.record_type == 'A'\n # delete existing records that are no longer defined\n (@current_resource.target - @new_resource.target).each do |address|\n Chef::Log.info \"Deleting #{address}\"\n execute_command! 'recorddelete', \"A #{address} /f\"\n end\n\n # add new records that don't exist\n # if ttl has changed then update all records\n addresses = if @current_resource.ttl == @new_resource.ttl\n (@new_resource.target - @current_resource.target)\n else\n @new_resource.target\n end\n addresses.each do |address|\n Chef::Log.info \"Adding/Changing #{address}\"\n execute_command! 'recordadd', \"#{ttl} A #{address}\"\n end\n else\n execute_command! 'recordadd', \"#{ttl} CNAME #{@new_resource.target}\"\n end\nend\n\ndef execute_command!(mode, options)\n shell_out!(\"#{@command} #{@current_resource.dns_server} /#{mode} #{@domain} #{@host} #{options}\")\nend\n" }, { "path": "recipes/default.rb", "content": "#\n# Author:: Seth Chisamore ()\n# Cookbook:: windows\n# Recipe:: default\n#\n# Copyright:: 2011-2018, Chef Software, Inc.\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you may not use this file except in compliance with the License.\n# You may obtain a copy of the License at\n#\n# http://www.apache.org/licenses/LICENSE-2.0\n#\n# Unless required by applicable law or agreed to in writing, software\n# distributed under the License is distributed on an \"AS IS\" BASIS,\n# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n# See the License for the specific language governing permissions and\n# limitations under the License.\n#\n\nChef::Log.warn('The windows::default recipe has been deprecated. The gems previously installed in this recipe ship in the Chef MSI.')\n" }, { "path": "resources/certificate_binding.rb", "content": "#\n# Author:: Richard Lavey (richard.lavey@calastone.com)\n# Cookbook:: windows\n# Resource:: certificate_binding\n#\n# Copyright:: 2015-2017, Calastone Ltd.\n# Copyright:: 2018, Chef Software, Inc.\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you may not use this file except in compliance with the License.\n# You may obtain a copy of the License at\n#\n# http://www.apache.org/licenses/LICENSE-2.0\n#\n# Unless required by applicable law or agreed to in writing, software\n# distributed under the License is distributed on an \"AS IS\" BASIS,\n# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n# See the License for the specific language governing permissions and\n# limitations under the License.\n#\n\nunified_mode true if respond_to?(:unified_mode)\n\nproperty :cert_name, String, name_property: true\nproperty :name_kind, Symbol, equal_to: [:hash, :subject], default: :subject\nproperty :address, String, default: '0.0.0.0'\nproperty :port, Integer, default: 443\nproperty :app_id, String, default: '{4dc3e181-e14b-4a21-b022-59fc669b0914}'\nproperty :store_name, String, default: 'MY', equal_to: ['TRUSTEDPUBLISHER', 'CLIENTAUTHISSUER', 'REMOTE DESKTOP', 'ROOT', 'TRUSTEDDEVICES', 'WEBHOSTING', 'CA', 'AUTHROOT', 'TRUSTEDPEOPLE', 'MY', 'SMARTCARDROOT', 'TRUST']\nproperty :exists, [true, false]\n\nload_current_value do |desired|\n cmd = shell_out(\"#{netsh_command} http show sslcert #{address_mode(desired.address)}=#{desired.address}:#{desired.port}\")\n Chef::Log.debug \"netsh reports: #{cmd.stdout}\"\n\n address desired.address\n port desired.port\n store_name desired.store_name\n app_id desired.app_id\n\n if cmd.exitstatus == 0\n m = cmd.stdout.scan(/Certificate Hash\\s+:\\s?([A-Fa-f0-9]{40})/)\n raise \"Failed to extract hash from command output #{cmd.stdout}\" if m.empty?\n cert_name m[0][0]\n name_kind :hash\n exists true\n else\n exists false\n end\nend\n\ndef address_mode(address)\n address.match(/(\\d+\\.){3}\\d+|\\[.+\\]/).nil? ? 'hostnameport' : 'ipport'\nend\n\ndef netsh_command\n # account for Window's wacky File System Redirector\n # http://msdn.microsoft.com/en-us/library/aa384187(v=vs.85).aspx\n # especially important for 32-bit processes (like Ruby) on a\n # 64-bit instance of Windows.\n if ::File.exist?(\"#{ENV[\"WINDIR\"]}\\\\sysnative\\\\netsh.exe\")\n \"#{ENV[\"WINDIR\"]}\\\\sysnative\\\\netsh.exe\"\n elsif ::File.exist?(\"#{ENV[\"WINDIR\"]}\\\\system32\\\\netsh.exe\")\n \"#{ENV[\"WINDIR\"]}\\\\system32\\\\netsh.exe\"\n else\n \"netsh.exe\"\n end\nend\n\naction :create do\n hash = new_resource.name_kind == :subject ? hash_from_subject : new_resource.cert_name\n\n if current_resource.exists\n needs_change = (hash.casecmp(current_resource.cert_name) != 0)\n\n if needs_change\n converge_by(\"Changing #{current_resource.address}:#{current_resource.port}\") do\n delete_binding\n add_binding hash\n end\n else\n Chef::Log.debug(\"#{new_resource.address}:#{new_resource.port} already bound to #{hash} - nothing to do\")\n end\n else\n converge_by(\"Binding #{new_resource.address}:#{new_resource.port}\") do\n add_binding hash\n end\n end\nend\n\naction :delete do\n if current_resource.exists\n converge_by(\"Deleting #{current_resource.address}:#{current_resource.port}\") do\n delete_binding\n end\n else\n Chef::Log.debug(\"#{current_resource.address}:#{current_resource.port} not bound - nothing to do\")\n end\nend\n\naction_class do\n def add_binding(hash)\n cmd = \"#{netsh_command} http add sslcert\"\n mode = address_mode(current_resource.address)\n cmd << \" #{mode}=#{current_resource.address}:#{current_resource.port}\"\n cmd << \" certhash=#{hash}\"\n cmd << \" appid=\\\"#{current_resource.app_id}\\\"\"\n cmd << \" certstorename=#{current_resource.store_name}\"\n check_hash hash\n\n shell_out!(cmd)\n end\n\n def delete_binding\n mode = address_mode(current_resource.address)\n shell_out!(\"#{netsh_command} http delete sslcert #{mode}=#{current_resource.address}:#{current_resource.port}\")\n end\n\n def check_hash(hash)\n p = powershell_out!(\"Test-Path \\\"cert:\\\\LocalMachine\\\\#{current_resource.store_name}\\\\#{hash}\\\"\")\n\n unless p.stderr.empty? && p.stdout =~ /True/i\n raise \"A Cert with hash of #{hash} doesn't exist in keystore LocalMachine\\\\#{current_resource.store_name}\"\n end\n nil\n end\n\n def hash_from_subject\n # escape wildcard subject name (*.acme.com)\n subject = new_resource.cert_name.sub(/\\*/, '`*')\n ps_script = \"& { gci cert:\\\\localmachine\\\\#{new_resource.store_name} | where { $_.subject -like '*#{subject}*' } | select -first 1 -expandproperty Thumbprint }\"\n\n Chef::Log.debug \"Running PS script #{ps_script}\"\n p = powershell_out!(ps_script)\n\n raise \"#{ps_script} failed with #{p.stderr}\" if p.error?\n raise \"Couldn't find thumbprint for subject #{new_resource.cert_name}\" if p.stdout.nil? || p.stdout.empty?\n\n # seem to get a UTF-8 string with BOM returned sometimes! Strip any such BOM\n hash = p.stdout.strip\n hash[0].ord == 239 ? hash.force_encoding('UTF-8').delete!(\"\\xEF\\xBB\\xBF\".force_encoding('UTF-8')) : hash\n end\nend\n" }, { "path": "resources/dns.rb", "content": "#\n# Author:: Richard Lavey (richard.lavey@calastone.com)\n# Cookbook:: windows\n# Resource:: dns\n#\n# Copyright:: 2015, Calastone Ltd.\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you may not use this file except in compliance with the License.\n# You may obtain a copy of the License at\n#\n# http://www.apache.org/licenses/LICENSE-2.0\n#\n# Unless required by applicable law or agreed to in writing, software\n# distributed under the License is distributed on an \"AS IS\" BASIS,\n# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n# See the License for the specific language governing permissions and\n# limitations under the License.\n#\n\nunified_mode true if respond_to?(:unified_mode)\n\ndefault_action :create\n\nattribute :host_name, kind_of: String, required: true\nattribute :record_type, kind_of: String, default: 'A', regex: /^(?:A|CNAME)$/\nattribute :dns_server, kind_of: String, default: '.'\nattribute :target, kind_of: [Array, String], required: true\nattribute :ttl, kind_of: Integer, required: false, default: 0\n\nattr_accessor :exists\n" }, { "path": "resources/http_acl.rb", "content": "#\n# Author:: Richard Lavey (richard.lavey@calastone.com)\n# Cookbook:: windows\n# Resource:: http_acl\n#\n# Copyright:: 2015-2017, Calastone Ltd.\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you may not use this file except in compliance with the License.\n# You may obtain a copy of the License at\n#\n# http://www.apache.org/licenses/LICENSE-2.0\n#\n# Unless required by applicable law or agreed to in writing, software\n# distributed under the License is distributed on an \"AS IS\" BASIS,\n# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n# See the License for the specific language governing permissions and\n# limitations under the License.\n#\n\nunified_mode true if respond_to?(:unified_mode)\n\ninclude Windows::Helper\n\nproperty :url, String, name_property: true\nproperty :user, String\nproperty :sddl, String\nproperty :exists, [true, false]\n\n# See https://msdn.microsoft.com/en-us/library/windows/desktop/cc307236%28v=vs.85%29.aspx for netsh info\n\nload_current_value do |desired|\n cmd_out = shell_out!(\"#{locate_sysnative_cmd('netsh.exe')} http show urlacl url=#{desired.url}\").stdout\n Chef::Log.debug \"netsh reports: #{cmd_out}\"\n\n if cmd_out.include? desired.url\n exists true\n url desired.url\n # Checks first for sddl, because it generates user(s)\n sddl_match = cmd_out.match(/SDDL:\\s*(?\\S+)/)\n if sddl_match\n sddl sddl_match['sddl']\n else\n # if no sddl, tries to find a single user\n user_match = cmd_out.match(/User:\\s*(?.+)/)\n user user_match['user']\n end\n else\n exists false\n end\nend\n\naction :create do\n raise '`user` xor `sddl` can\\'t be used together' if new_resource.user && new_resource.sddl\n raise 'When provided user property can\\'t be empty' if new_resource.user && new_resource.user.empty?\n raise 'When provided sddl property can\\'t be empty' if new_resource.sddl && new_resource.sddl.empty?\n\n if current_resource.exists\n sddl_changed = (\n new_resource.sddl &&\n current_resource.sddl &&\n current_resource.sddl.casecmp(new_resource.sddl) != 0\n )\n user_changed = (\n new_resource.user &&\n current_resource.user &&\n current_resource.user.casecmp(new_resource.user) != 0\n )\n\n if sddl_changed || user_changed\n converge_by(\"Changing #{new_resource.url}\") do\n delete_acl\n apply_acl\n end\n else\n Chef::Log.debug(\"#{new_resource.url} already set - nothing to do\")\n end\n else\n converge_by(\"Setting #{new_resource.url}\") do\n apply_acl\n end\n end\nend\n\naction :delete do\n if current_resource.exists\n converge_by(\"Deleting #{new_resource.url}\") do\n delete_acl\n end\n else\n Chef::Log.debug(\"#{new_resource.url} does not exist - nothing to do\")\n end\nend\n\naction_class do\n def netsh_command\n locate_sysnative_cmd('netsh.exe')\n end\n\n def apply_acl\n if current_resource.sddl\n shell_out!(\"#{netsh_command} http add urlacl url=#{new_resource.url} sddl=\\\"#{new_resource.sddl}\\\"\")\n else\n shell_out!(\"#{netsh_command} http add urlacl url=#{new_resource.url} user=\\\"#{new_resource.user}\\\"\")\n end\n end\n\n def delete_acl\n shell_out!(\"#{netsh_command} http delete urlacl url=#{new_resource.url}\")\n end\nend\n" }, { "path": "resources/schannel.rb", "content": "#\n# Author:: Jason Field (jason.field@calastone.com)\n# Cookbook:: windows\n# Resource:: schannel\n#\n# Copyright:: 2019, Calastone Ltd.\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you may not use this file except in compliance with the License.\n# You may obtain a copy of the License at\n#\n# http://www.apache.org/licenses/LICENSE-2.0\n#\n# Unless required by applicable law or agreed to in writing, software\n# distributed under the License is distributed on an \"AS IS\" BASIS,\n# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n# See the License for the specific language governing permissions and\n# limitations under the License.\n#\n\nunified_mode true if respond_to?(:unified_mode)\n\nproperty :use_strong_crypto, [true, false], default: true\n\naction :configure do\n registry_key 'HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Microsoft\\\\.NETFramework\\\\v4.0.30319' do\n values [{\n name: 'SchUseStrongCrypto',\n type: :dword,\n data: new_resource.use_strong_crypto ? 1 : 0,\n }]\n end\n\n registry_key 'HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Wow6432Node\\\\Microsoft\\\\.NETFramework\\\\v4.0.30319' do\n values [{\n name: 'SchUseStrongCrypto',\n type: :dword,\n data: new_resource.use_strong_crypto ? 1 : 0,\n }]\n end\nend\n" }, { "path": "resources/user_privilege.rb", "content": "#\n# Author:: Jared Kauppila ()\n# Cookbook:: windows\n# Resource:: user_privilege\n#\n\nchef_version_for_provides '< 16.0' if respond_to?(:chef_version_for_provides)\n\nproperty :principal, String, name_property: true\nproperty :privilege, [Array, String], required: true, coerce: proc { |v| Array(v).sort }\n\naction :add do\n new_resource.privilege - Array(current_resource.privilege).each do |user_right|\n converge_by(\"adding user privilege #{user_right}\") do\n Chef::ReservedNames::Win32::Security.add_account_right(new_resource.principal, user_right)\n end\n end\nend\n\naction :remove do\n if Gem::Version.new(Chef::VERSION) < Gem::Version.new('14.4.10')\n Chef::Log.warn('Chef 14.4.10 is required to use windows_privilege remove action')\n else\n curr_res_privilege = current_resource.privilege\n new_res_privilege = new_resource.privilege\n missing_res_privileges = (new_res_privilege - curr_res_privilege)\n\n if missing_res_privileges\n Chef::Log.info(\"Privilege: #{missing_res_privileges.join(', ')} not present. Unable to delete\")\n end\n\n (new_res_privilege - missing_res_privileges).each do |user_right|\n converge_by(\"removing user privilege #{user_right}\") do\n Chef::ReservedNames::Win32::Security.remove_account_right(new_resource.principal, user_right)\n end\n end\n end\nend\n\nload_current_value do |desired|\n privilege Chef::ReservedNames::Win32::Security.get_account_right(desired.principal)\nend\n" }, { "path": "resources/zipfile.rb", "content": "#\n# Author:: Doug MacEachern ()\n# Author:: Seth Chisamore ()\n# Author:: Wade Peacock ()\n# Cookbook:: windows\n# Resource:: zipfile\n#\n# Copyright:: 2010-2017, VMware, Inc.\n# Copyright:: 2011-2018, Chef Software, Inc.\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you may not use this file except in compliance with the License.\n# You may obtain a copy of the License at\n#\n# http://www.apache.org/licenses/LICENSE-2.0\n#\n# Unless required by applicable law or agreed to in writing, software\n# distributed under the License is distributed on an \"AS IS\" BASIS,\n# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n# See the License for the specific language governing permissions and\n# limitations under the License.\n#\n\nunified_mode true if respond_to?(:unified_mode)\n\nrequire 'chef/util/path_helper'\n\nproperty :path, String, name_property: true\nproperty :source, String\nproperty :overwrite, [true, false], default: false\nproperty :checksum, String\n\naction :unzip do\n ensure_rubyzip_gem_installed\n Chef::Log.debug(\"unzip #{new_resource.source} => #{new_resource.path} (overwrite=#{new_resource.overwrite})\")\n\n cache_file_path = if new_resource.source =~ %r{^(file|ftp|http|https):\\/\\/} # http://rubular.com/r/DGoIWjLfGI\n uri = as_uri(new_resource.source)\n local_cache_path = \"#{Chef::Config[:file_cache_path]}/#{::File.basename(::URI.unescape(uri.path))}\"\n Chef::Log.debug(\"Caching a copy of file #{new_resource.source} at #{cache_file_path}\")\n\n remote_file local_cache_path do\n source new_resource.source\n backup false\n checksum new_resource.checksum unless new_resource.checksum.nil?\n end\n\n local_cache_path\n else\n new_resource.source\n end\n\n cache_file_path = Chef::Util::PathHelper.cleanpath(cache_file_path)\n\n converge_by(\"unzip #{new_resource.source}\") do\n ruby_block 'Unzipping' do\n block do\n Zip::File.open(cache_file_path) do |zip|\n zip.each do |entry|\n path = ::File.join(new_resource.path, entry.name)\n FileUtils.mkdir_p(::File.dirname(path))\n if new_resource.overwrite && ::File.exist?(path) && !::File.directory?(path)\n FileUtils.rm(path)\n end\n zip.extract(entry, path) unless ::File.exist?(path)\n end\n end\n end\n action :run\n end\n end\nend\n\naction :zip do\n ensure_rubyzip_gem_installed\n # sanitize paths for windows.\n new_resource.source.downcase.gsub!(::File::SEPARATOR, ::File::ALT_SEPARATOR)\n new_resource.path.downcase.gsub!(::File::SEPARATOR, ::File::ALT_SEPARATOR)\n Chef::Log.debug(\"zip #{new_resource.source} => #{new_resource.path} (overwrite=#{new_resource.overwrite})\")\n\n if new_resource.overwrite == false && ::File.exist?(new_resource.path)\n Chef::Log.info(\"file #{new_resource.path} already exists and overwrite is set to false, exiting\")\n else\n # delete the archive if it already exists, because we are recreating it.\n if ::File.exist?(new_resource.path)\n converge_by(\"delete existing file at #{new_resource.path}\") do\n ::File.unlink(new_resource.path)\n end\n end\n\n # only supporting compression of a single directory (recursively).\n if ::File.directory?(new_resource.source)\n converge_by(\"zipping #{new_resource.source} to #{new_resource.path}\") do\n z = Zip::File.new(new_resource.path, true)\n unless new_resource.source =~ /::File::ALT_SEPARATOR$/\n new_resource.source << ::File::ALT_SEPARATOR\n end\n Find.find(new_resource.source) do |f|\n f.downcase.gsub!(::File::SEPARATOR, ::File::ALT_SEPARATOR)\n # don't add root directory to the zipfile.\n next if f == new_resource.source\n # strip the root directory from the filename before adding it to the zipfile.\n zip_fname = f.sub(new_resource.source, '')\n Chef::Log.debug(\"adding #{zip_fname} to archive, sourcefile is: #{f}\")\n z.add(zip_fname, f)\n end\n z.close\n end\n else\n Chef::Log.info(\"Single directory must be specified for compression, and #{new_resource.source} does not meet that criteria.\")\n end\n end\nend\n\naction_class do\n include Windows::Helper\n require 'find'\n\n def ensure_rubyzip_gem_installed\n require 'zip'\n Chef::Log.warn('The windows_zipfile resource has been deprecated as Chef Infra Client 15.0 shipped with a new archive_file resource, which natively handles multiple archive formats. Please update any cookbooks using this resource to instead use the `archive_file` resource: https://docs.chef.io/resource_archive_file.html')\n rescue LoadError\n Chef::Log.info(\"Missing gem 'rubyzip'...installing now.\")\n chef_gem 'rubyzip' do\n action :install\n compile_time true\n end\n require 'zip'\n end\nend\n" }, { "path": "spec/spec_helper.rb", "content": "require 'chefspec'\nrequire 'chefspec/berkshelf'\nrequire 'win32-certstore'\n\nRSpec.configure do |config|\n config.color = true # Use color in STDOUT\n config.formatter = :documentation # Use the specified formatter\n config.log_level = :error # Avoid deprecation notice SPAM\nend\n" }, { "path": "test/cookbooks/test/files/GeoTrust_Primary_CA.pem", "content": "-----BEGIN CERTIFICATE-----\nMIIDfDCCAmSgAwIBAgIQGKy1av1pthU6Y2yv2vrEoTANBgkqhkiG9w0BAQUFADBY\nMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjExMC8GA1UEAxMo\nR2VvVHJ1c3QgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNjEx\nMjcwMDAwMDBaFw0zNjA3MTYyMzU5NTlaMFgxCzAJBgNVBAYTAlVTMRYwFAYDVQQK\nEw1HZW9UcnVzdCBJbmMuMTEwLwYDVQQDEyhHZW9UcnVzdCBQcmltYXJ5IENlcnRp\nZmljYXRpb24gQXV0aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC\nAQEAvrgVe//UfH1nrYNke8hCUy3f9oQIIGHWAVlqnEQRr+92/ZV+zmEwu3qDXwK9\nAWbK7hWNb6EwnL2hhZ6UOvNWiAAxz9juapYC2e0DjPt1befquFUWBRaa9OBesYjA\nZIVcFU2Ix7e64HXprQU9nceJSOC7KMgD4TCTZF5SwFlwIjVXiIrxlQqD17wxcwE0\n7e9GceBrAqg1cmuXm2bgyxx5X9gaBGgeRwLmnWDiNpcB3841kt++Z8dtd1k7j53W\nkBWUvEI0EME5+bEnPn7WinXFsq+W06Lem+SYvn3h6YGttm/81w7a4DSwDRp35+MI\nmO9Y+pyEtzavwt+s0vQQBnBxNQIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4G\nA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQULNVQQZcVi/CPNmFbSvtr2ZnJM5IwDQYJ\nKoZIhvcNAQEFBQADggEBAFpwfyzdtzRP9YZRqSa+S7iq8XEN3GHHoOo0Hnp3DwQ1\n6CePbJC/kRYkRj5KTs4rFtULUh38H2eiAkUxT87z+gOneZ1TatnaYzr4gNfTmeGl\n4b7UVXGYNTq+k+qurUKykG/g/CFNNWMziUnWm07Kx+dOCQD32sfvmWKZd7aVIl6K\noKv0uHiYyjgZmclynnjNS6yvGaBzEi38wkG6gZHaFloxt/m0cYASSJlyc1pZU8Fj\nUjPtp8nSOQJw+uCxQmYpqptR7TBUIhRf2asdweSU8Pj1K/fqynhG1riR/aYNKxoU\nAT6A8EKglQdebc3MS6RFjasS6LPeWuWgfOgPIh1a6Vk=\n-----END CERTIFICATE-----\n" }, { "path": "test/cookbooks/test/files/GeoTrust_Universal_CA.pem", "content": "-----BEGIN CERTIFICATE-----\nMIIFaDCCA1CgAwIBAgIBATANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJVUzEW\nMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEeMBwGA1UEAxMVR2VvVHJ1c3QgVW5pdmVy\nc2FsIENBMB4XDTA0MDMwNDA1MDAwMFoXDTI5MDMwNDA1MDAwMFowRTELMAkGA1UE\nBhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xHjAcBgNVBAMTFUdlb1RydXN0\nIFVuaXZlcnNhbCBDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAKYV\nVaCjxuAfjJ0hUNfBvitbtaSeodlyWL0AG0y/YckUHUWCq8YdgNY96xCcOq9tJPi8\ncQGeBvV8Xx7BDlXKg5pZMK4ZyzBIle0iN430SppyZj6tlcDgFgDgEB8rMQ7XlFTT\nQjOgNB0eRXbdT8oYN+yFFXoZCPzVx5zw8qkuEKmS5j1YPakWaDwvdSEYfyh3peFh\nF7em6fgemdtzbvQKoiFs7tqqhZJmr/Z6a4LauiIINQ/PQvE1+mrufislzDoR5G2v\nc7J2Ha3QsnhnGqQ5HFELZ1aD/ThdDc7d8Lsrlh/eezJS/R27tQahsiFepdaVaH/w\nmZ7cRQg+59IJDTWU3YBOU5fXtQlEIGQWFwMCTFMNaN7VqnJNk22CDtucvc+081xd\nVHppCZbW2xHBjXWotM85yM48vCR85mLK4b19p71XZQvk/iXttmkQ3CgaRr0BHdCX\nteGYO8A3ZNY9lO4L4fUorgtWv3GLIylBjobFS1J72HGrH4oVpjuDWtdYAVHGTEHZ\nf9hBZ3KiKN9gg6meyHv8U3NyWfWTehd2Ds735VzZC1U0oqpbtWpU5xPKV+yXbfRe\nBi9Fi1jUIxaS5BZuKGNZMN9QAZxjiRqf2xeUgnA3wySemkfWWspOqGmJch+RbNt+\nnhutxx9z3SxPGWX9f5NAEC7S8O08ni4oPmkmM8V7AgMBAAGjYzBhMA8GA1UdEwEB\n/wQFMAMBAf8wHQYDVR0OBBYEFNq7LqqwDLiIJlF0XG0D08DYj3rWMB8GA1UdIwQY\nMBaAFNq7LqqwDLiIJlF0XG0D08DYj3rWMA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG\n9w0BAQUFAAOCAgEAMXjmx7XfuJRAyXHEqDXsRh3ChfMoWIawC/yOsjmPRFWrZIRc\naanQmjg8+uUfNeVE44B5lGiku8SfPeE0zTBGi1QrlaXv9z+ZhP015s8xxtxqv6fX\nIwjhmF7DWgh2qaavdy+3YL1ERmrvl/9zlcGO6JP7/TG37FcREUWbMPEaiDnBTzyn\nANXH/KttgCJwpQzgXQQpAvvLoJHRfNbDflDVnVi+QTjruXU8FdmbyUqDWcDaU/0z\nuzYYm4UPFd3uLax2k7nZAY1IEKj79TiG8dsKxr2EoyNB3tZ3b4XUhRxQ4K5RirqN\nPnbiucon8l+f725ZDQbYKxek0nxru18UGkiPGkzns0ccjkxFKyDuSN/n3QmOGKja\nQI2SJhFTYXNd673nxE0pN2HrrDktZy4W1vUAg4WhzH92xH3kt0tm7wNFYGm2DFKW\nkoRepqO1pD4r2czYG0eq8kTaT/kD6PAUyz/zg97QwVTjt+gKN02LIFkDMBmhLMi9\nER/frslKxfMnZmaGrGiR/9nmUxwPi1xpZQomyB40w11Re9epnAahNt3ViZS82eQt\nDF4JbAiXfKM9fJP/P6EUp8+1Xevb2xzEdt+Iub1FBZUbrvxGakyvSOPOrg/Sfuvm\nbJxPgWp6ZKy7PtXny3YuxadIwVyQD8vIP/rmMuGNG2+k5o7Y+SlIis5z/iw=\n-----END CERTIFICATE----- " }, { "path": "test/cookbooks/test/files/base64-cert2.cer", "content": "-----BEGIN CERTIFICATE-----\r\nMIIEADCCAuigAwIBAgIBADANBgkqhkiG9w0BAQUFADBjMQswCQYDVQQGEwJVUzEh\r\nMB8GA1UEChMYVGhlIEdvIERhZGR5IEdyb3VwLCBJbmMuMTEwLwYDVQQLEyhHbyBE\r\nYWRkeSBDbGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA0MDYyOTE3\r\nMDYyMFoXDTM0MDYyOTE3MDYyMFowYzELMAkGA1UEBhMCVVMxITAfBgNVBAoTGFRo\r\nZSBHbyBEYWRkeSBHcm91cCwgSW5jLjExMC8GA1UECxMoR28gRGFkZHkgQ2xhc3Mg\r\nMiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCASAwDQYJKoZIhvcNAQEBBQADggEN\r\nADCCAQgCggEBAN6d1+pXGEmhW+vXX0iG6r7d/+TvZxz0ZWizV3GgXne77ZtJ6XCA\r\nPVYYYwhv2vLM0D9/AlQiVBDYsoHUwHU9S3/Hd8M+eKsaA7Ugay9qK7HFiH7Eux6w\r\nwdhFJ2+qN1j3hybX2C32qRe3H3I2TqYXP2WYktsqbl2i/ojgC95/5Y0V4evLOtXi\r\nEqITLdiOr18SPaAIBQi2XKVlOARFmR6jYGB0xUGlcmIbYsUfb18aQr4CUWWoriMY\r\navx4A6lNf4DD+qta/KFApMoZFv6yyO9ecw3ud72a9nmYvLEHZ6IVDd2gWMZEewo+\r\nYihfukEHU1jPEX44dMX4/7VpkI+EdOqXG68CAQOjgcAwgb0wHQYDVR0OBBYEFNLE\r\nsNKR1EwRcbNhyz2h/t2oatTjMIGNBgNVHSMEgYUwgYKAFNLEsNKR1EwRcbNhyz2h\r\n/t2oatTjoWekZTBjMQswCQYDVQQGEwJVUzEhMB8GA1UEChMYVGhlIEdvIERhZGR5\r\nIEdyb3VwLCBJbmMuMTEwLwYDVQQLEyhHbyBEYWRkeSBDbGFzcyAyIENlcnRpZmlj\r\nYXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQAD\r\nggEBADJL87LKPpH8EsahB4yOd6AzBhRckB4Y9wimPQoZ+YeAEW5p5JYXMP80kWNy\r\nOO7MHAGjHZQopDH2esRU1/blMVgDoszOYtuURXO1v0XJJLXVggKtI3lpjbi2Tc7P\r\nTMozI+gciKqdi0FuFskg5YmezTvacPd+mSYgFFQlq25zheabIZ0KbIIOqPjCDPoQ\r\nHmyW74cNxA9hi63ugyuV+I6ShHI56yDqg+2DzZduCLzrTia2cyvk0/ZM/iZx4mER\r\ndEr/VxqHD3VILs9RaRegAhJhldXRQLIQTO7ErBBDpqWeCtWVYpoNz4iCxTIM5Cuf\r\nReYNnyicsbkqWletNw+vHX/bvZ8=\r\n-----END CERTIFICATE-----\r\n" }, { "path": "test/cookbooks/test/files/test_p7b.p7b", "content": "-----BEGIN PKCS7-----\nMIIDpgYJKoZIhvcNAQcCoIIDlzCCA5MCAQExADALBgkqhkiG9w0BBwGgggN5MIID\ndTCCAl2gAwIBAgILBAAAAAABFUtaw5QwDQYJKoZIhvcNAQEFBQAwVzELMAkGA1UE\nBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jvb3Qg\nQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw05ODA5MDExMjAwMDBa\nFw0yODAxMjgxMjAwMDBaMFcxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxT\naWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYDVQQDExJHbG9iYWxTaWdu\nIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaDuaZjc6j\n40+Kfvvxi4Mla+pIH/EqsLmVEQS98GPR4mdmzxzdzxtIK+6NiY6arymAZavpxy0S\ny6scTHAHoT0KMM0VjU/43dSMUBUc71DuxC73/OlS8pF94G3VNTCOXkNz8kHp1Wrj\nsok6Vjk4bwY8iGlbKk3Fp1S4bInMm/k8yuX9ifUSPJJ4ltbcdG6TRGHRjcdGsnUO\nhugZitVtbNV4FpWi6cgKOOvyJBNPc1STE4U6G7weNLWLBYy5d4ux2x8gkasJU26Q\nzns3dLlwR5EiUWMWea6xrkEmCMgZK9FGqkjWZCrXgzT/LCrBbBlDSgeF59N89iFo\n7+ryUp9/k5DPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTAD\nAQH/MB0GA1UdDgQWBBRge2YaRQ2XyolQL30EzTSo//z9SzANBgkqhkiG9w0BAQUF\nAAOCAQEA1nPnfE920I2/7LqivjTFKDK1fPxsnCwrvQmeU79rXqoRSLblCKOzyj1h\nTdNGCbM+w6DjY1Ub8rrvrTnhQ7k4o+YviiY776BQVvnGCv04zcQLcFGUl5gE38Nf\nlNUVyRRBnMRddWQVDf9VMOyGj/8N7yy5Y0b2qvzfvGn9LhJIZJrglfCm7ymPAbEV\ntQwdpf5pLGkkeB6zpxxxYu7KyJesF12KwvhHhm4qxFYxldBniYUr+WymXUadDKqC\n5JlR3XC321Y9YeRq4VzW9v493kHMB65jUr9TU/Qr6cf9tveCX4XSQRjbgbMEHMUf\npIBvFSDJ3gyICh3WZlXi/EjJKSZp4KEAMQA=\n-----END PKCS7-----\n" }, { "path": "test/cookbooks/test/metadata.rb", "content": "name 'test'\nversion '0.0.1'\ndepends 'windows'\n" }, { "path": "test/cookbooks/test/recipes/everything.rb", "content": "include_recipe '::http_acl'\ninclude_recipe '::user_privilege'\ninclude_recipe '::zipfile'\n" }, { "path": "test/cookbooks/test/recipes/http_acl.rb", "content": "user 'space user' do\n password 'Pass@word1'\nend\n\nwindows_http_acl 'http://google.com:80/' do\n user \"#{ENV['COMPUTERNAME']}\\\\space user\"\nend\n\nwindows_http_acl 'http://+:50051/' do\n user \"#{ENV['COMPUTERNAME']}\\\\space user\"\nend\n\n# Grant access to users \"NT SERVICE\\WinRM\" and \"NT SERVICE\\Wecsvc\" via sddl\nwindows_http_acl 'http://+:5985/' do\n sddl 'D:(A;;GX;;;S-1-5-80-569256582-2953403351-2909559716-1301513147-412116970)' \\\n + '(A;;GX;;;S-1-5-80-4059739203-877974739-1245631912-527174227-2996563517)'\nend\n\nwindows_http_acl 'http://+:50051/' do\n action :delete\nend\n" }, { "path": "test/cookbooks/test/recipes/schannel.rb", "content": "windows_schannel 'tls 1.2' do\nend\n" }, { "path": "test/cookbooks/test/recipes/user_privilege.rb", "content": "# Adding 5 Privileges\nwindows_user_privilege 'vagrant' do\n privilege %w(SeIncreaseQuotaPrivilege SeServiceLogonRight SeTimeZonePrivilege SeCreateTokenPrivilege SeBackupPrivilege)\n action :add\nend\n\n# Removing 3 of them\nwindows_user_privilege 'vagrant' do\n privilege %w(SeIncreaseQuotaPrivilege SeServiceLogonRight SeTimeZonePrivilege)\n action :remove\nend\n\n# Removing 1 from already removed\nwindows_user_privilege 'vagrant' do\n privilege %w(SeIncreaseQuotaPrivilege)\n action :remove\nend\n\n# Removing few present & few already removed\nwindows_user_privilege 'vagrant' do\n privilege %w(SeServiceLogonRight SeTimeZonePrivilege SeCreateTokenPrivilege SeBackupPrivilege)\n action :remove\nend\n" }, { "path": "test/cookbooks/test/recipes/zipfile.rb", "content": "directory 'create test dir' do\n path 'C:\\testdir'\n action :create\nend\n\nfile 'C:\\testdir\\testfile1' do\n content 'test file 1'\n action :create\nend\n\nfile 'C:\\testdir\\testfile2' do\n content 'test file 2'\n action :create\nend\n\nwindows_zipfile 'C:\\test.zip' do\n source 'C:\\testdir'\n action :zip\nend\n\ndirectory 'delete test dir' do\n path 'C:\\testdir'\n action :delete\n recursive true\nend\n\nwindows_zipfile 'C:\\testdir' do\n source 'C:\\test.zip'\n action :unzip\nend\n\nwindows_zipfile 'C:\\test\\windows' do\n source 'https://github.com/chef-cookbooks/windows/archive/master.zip'\n action :unzip\nend\n" }, { "path": "test/integration/http_acl/http_acl_spec.rb", "content": "describe command('netsh http show urlacl url=http://google.com:80/') do\n its('exit_status') { should eq 0 }\n its('stdout') { should_not match /^space user/ }\nend\n" }, { "path": "test/integration/schannel/schannel_spec.rb", "content": "describe powershell('[Net.ServicePointManager]::SecurityProtocol') do\n its('strip') { should match /Tls12/ }\nend\n" } ]