Class: Chef::ReservedNames::Win32::Security::SecurableObject

Inherits:
Object
  • Object
Defined in:
lib/chef/win32/security/securable_object.rb

Constant Summary

SecurityConst =
Chef::ReservedNames::Win32::API::Security

Instance Attribute Summary

Instance Method Summary

Constructor Details

#initialize(path, type = :SE_FILE_OBJECT) ⇒ SecurableObject

Returns a new instance of SecurableObject.

# File 'lib/chef/win32/security/securable_object.rb', line 28

# Records which securable object this instance refers to. Nothing is opened,
# resolved or validated here; both values are stored exactly as given and are
# handed to the Security helpers by the other methods of this class.
#
# @param path [Object] name of the securable object
# @param type [Symbol] object-type selector, :SE_FILE_OBJECT unless overridden
def initialize(path, type = :SE_FILE_OBJECT)
  @path, @type = path, type
end

Instance Attribute Details

#path ⇒ Object (readonly)

Returns the value of attribute path.


# File 'lib/chef/win32/security/securable_object.rb', line 33

# Read-only accessor for the object name given to the constructor.
#
# @return [Object] the stored path, returned as-is
def path; @path; end

#type ⇒ Object (readonly)

Returns the value of attribute type.


# File 'lib/chef/win32/security/securable_object.rb', line 34

# Read-only accessor for the object-type selector given to the constructor.
#
# @return [Symbol] the stored type (:SE_FILE_OBJECT when the default was used)
def type; @type; end

Instance Method Details

#dacl=(val) ⇒ Object

# File 'lib/chef/win32/security/securable_object.rb', line 73

# Writes a new discretionary ACL to the object named by #path.
#
# Only the :dacl key is passed on, so no inheritance setting travels with it
# (set_dacl sends both together). Unlike owner= and the SACL writers, no
# privilege is requested around the call; it succeeds or fails on whatever
# access the calling process already has.
#
# @param val [Object] the DACL, in the form Security.set_named_security_info
#   expects (not visible in this listing)
# @return [Object] whatever Security.set_named_security_info returns
def dacl=(val)
  Security.set_named_security_info(
    path,
    type,
    dacl: val
  )
end

#group=(val) ⇒ Object

# File 'lib/chef/win32/security/securable_object.rb', line 84

# Writes a new group entry to the security descriptor of the object at #path.
#
# The call is made without requesting any privilege first, so it depends on
# the access the calling process already holds on the object.
#
# @param val [Object] the group, in the form Security.set_named_security_info
#   expects (not visible in this listing)
# @return [Object] whatever Security.set_named_security_info returns
def group=(val)
  Security.set_named_security_info(
    path,
    type,
    group: val
  )
end

#owner=(val) ⇒ Object

# File 'lib/chef/win32/security/securable_object.rb', line 88

# Writes a new owner to the security descriptor of the object at #path.
#
# The write is wrapped in Security.with_privileges, which is asked for
# SeTakeOwnershipPrivilege and SeRestorePrivilege. On Windows these let a
# process take ownership without being granted it by the DACL and assign an
# owner other than itself, so `val` should come from trusted configuration
# and ownership changes made through here are worth auditing.
# NOTE(review): with_privileges is not shown in this listing; presumably it
# enables the privileges only while the block runs and restores them after.
# Confirm, including on the error path.
#
# @param val [Object] the new owner, in the form
#   Security.set_named_security_info expects
# @return [Object] whatever Security.with_privileges returns
def owner=(val)
  # TODO to fix serious permissions problems, we may need to enable SeBackupPrivilege.  But we might need it (almost) everywhere else, too.
  elevated = %w[SeTakeOwnershipPrivilege SeRestorePrivilege]
  Security.with_privileges(*elevated) { Security.set_named_security_info(path, type, owner: val) }
end

#predict_rights_mask(generic_mask) ⇒ Object

This method predicts what the rights mask would be on an object if you created an ACE with the given mask. Specifically, it looks for generic attributes like GENERIC_READ, and figures out what specific attributes will be set. This is important if you want to try to compare an existing ACE with one you want to create.

# File 'lib/chef/win32/security/securable_object.rb', line 43

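# Predicts the access mask an ACE would end up with on this object if it were
# created with `generic_mask`.
#
# Each GENERIC_* bit present in the input is replaced by the matching FILE_*
# rights, and the GENERIC_* bits themselves are cleared from the result. Bits
# that are not GENERIC_* pass through unchanged. The result is meant for
# comparing a desired ACE with an existing one, so a wrong prediction would
# make an ACL look compliant (or not) when it is not. For that reason only
# the file mapping is implemented and every other object type is rejected.
#
# @param generic_mask [Integer] access mask that may contain GENERIC_* bits
# @return [Integer] the mask with GENERIC_* bits expanded and removed
# @raise [RuntimeError] when #type is anything other than :SE_FILE_OBJECT
def predict_rights_mask(generic_mask)
  # The message now names this method; it previously said predict_security_mask.
  raise "Unimplemented object type for predict_rights_mask: #{type}" unless type == :SE_FILE_OBJECT

  api = Chef::ReservedNames::Win32::API::Security
  # Generic right => file-specific rights it stands for. Insertion order is
  # the order in which the expansions are applied.
  expansions = {
    api::GENERIC_READ => api::FILE_GENERIC_READ,
    api::GENERIC_WRITE => api::FILE_GENERIC_WRITE,
    api::GENERIC_EXECUTE => api::FILE_GENERIC_EXECUTE,
    api::GENERIC_ALL => api::FILE_ALL_ACCESS,
  }

  mask = generic_mask
  expansions.each do |generic, specific|
    mask |= specific if (mask & generic) != 0
  end

  # Clear the GENERIC_* bits so only specific rights remain in the result.
  mask & ~expansions.keys.reduce(:|)
end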

#sacl=(val) ⇒ Object

# File 'lib/chef/win32/security/securable_object.rb', line 95

# Writes a new system ACL (the audit entries) to the object at #path.
#
# The write is wrapped in Security.with_privileges("SeSecurityPrivilege").
# Since the SACL decides which accesses get audited, replacing it can switch
# auditing off for the object, so callers should treat `val` as
# security-sensitive input.
# NOTE(review): with_privileges is not shown in this listing; presumably the
# privilege is held only while the block runs. Confirm.
#
# @param val [Object] the SACL, in the form Security.set_named_security_info
#   expects
# @return [Object] whatever Security.with_privileges returns
def sacl=(val)
  Security.with_privileges("SeSecurityPrivilege") { Security.set_named_security_info(path, type, sacl: val) }
end

#security_descriptor(include_sacl = false) ⇒ Object

# File 'lib/chef/win32/security/securable_object.rb', line 61

# Reads the security descriptor of the object at #path.
#
# Owner, group and DACL information are always requested. The SACL is added
# only when `include_sacl` is truthy, and only that read is wrapped in
# Security.with_privileges("SeSecurityPrivilege"); the default read asks for
# no privilege at all, which keeps the common path least-privileged.
#
# @param include_sacl [Boolean] also request the SACL (audit entries)
# @return [Object] whatever Security.get_named_security_info returns
def security_descriptor(include_sacl = false)
  api = Chef::ReservedNames::Win32::API::Security
  wanted = api::OWNER_SECURITY_INFORMATION | api::GROUP_SECURITY_INFORMATION | api::DACL_SECURITY_INFORMATION

  # Common case first: no SACL requested, so no privilege is involved.
  return Security.get_named_security_info(path, type, wanted) unless include_sacl

  wanted |= api::SACL_SECURITY_INFORMATION
  Security.with_privileges("SeSecurityPrivilege") do
    Security.get_named_security_info(path, type, wanted)
  end
end

#set_dacl(dacl, dacl_inherits) ⇒ Object

You don’t set dacl_inherits without also setting dacl, because Windows gets angry and denies you access. So if you want to do that, you may as well do both at once.

# File 'lib/chef/win32/security/securable_object.rb', line 80

# Writes a new discretionary ACL together with its inheritance setting in a
# single Security.set_named_security_info call on the object at #path.
#
# No privilege is requested around the call. How the two values map onto
# protected or unprotected DACL flags is decided inside
# set_named_security_info, which is not visible in this listing.
#
# @param dacl [Object] the DACL to apply
# @param dacl_inherits [Object] inheritance setting sent alongside the DACL
# @return [Object] whatever Security.set_named_security_info returns
def set_dacl(dacl, dacl_inherits)
  Security.set_named_security_info(
    path,
    type,
    dacl: dacl,
    dacl_inherits: dacl_inherits
  )
end

#set_sacl(sacl, sacl_inherits) ⇒ Object

# File 'lib/chef/win32/security/securable_object.rb', line 101

# Writes a new system ACL (the audit entries) together with its inheritance
# setting in a single call on the object at #path.
#
# The write is wrapped in Security.with_privileges("SeSecurityPrivilege").
# A SACL change alters what gets audited for the object, so both arguments
# should come from trusted configuration.
# NOTE(review): with_privileges is not shown in this listing; presumably the
# privilege is held only while the block runs. Confirm.
#
# @param sacl [Object] the SACL to apply
# @param sacl_inherits [Object] inheritance setting sent alongside the SACL
# @return [Object] whatever Security.with_privileges returns
def set_sacl(sacl, sacl_inherits)
  Security.with_privileges("SeSecurityPrivilege") do
    Security.set_named_security_info(
      path,
      type,
      sacl: sacl,
      sacl_inherits: sacl_inherits
    )
  end
end