Module: Chef::ReservedNames::Win32::API::Security

Extended by:
Chef::ReservedNames::Win32::API
Included in:
FileAccessControl::Windows, File, Security, Security
Defined in:
lib/chef/win32/api/security.rb

Defined Under Namespace

Classes: ACE_HEADER, ACE_WITH_MASK_AND_SID, ACLStruct, LUID, LUID_AND_ATTRIBUTES, TOKEN_PRIVILEGES

Constant Summary

ACCESS_MIN_MS_ACE_TYPE =

ACE_HEADER AceType

0x0
ACCESS_ALLOWED_ACE_TYPE =
0x0
ACCESS_DENIED_ACE_TYPE =
0x1
SYSTEM_AUDIT_ACE_TYPE =
0x2
SYSTEM_ALARM_ACE_TYPE =
0x3
ACCESS_MAX_MS_V2_ACE_TYPE =
0x3
ACCESS_ALLOWED_COMPOUND_ACE_TYPE =
0x4
ACCESS_MAX_MS_V3_ACE_TYPE =
0x4
ACCESS_MIN_MS_OBJECT_ACE_TYPE =
0x5
ACCESS_ALLOWED_OBJECT_ACE_TYPE =
0x5
ACCESS_DENIED_OBJECT_ACE_TYPE =
0x6
SYSTEM_AUDIT_OBJECT_ACE_TYPE =
0x7
SYSTEM_ALARM_OBJECT_ACE_TYPE =
0x8
ACCESS_MAX_MS_OBJECT_ACE_TYPE =
0x8
ACCESS_MAX_MS_V4_ACE_TYPE =
0x8
ACCESS_MAX_MS_ACE_TYPE =
0x8
ACCESS_ALLOWED_CALLBACK_ACE_TYPE =
0x9
ACCESS_DENIED_CALLBACK_ACE_TYPE =
0xA
ACCESS_ALLOWED_CALLBACK_OBJECT_ACE_TYPE =
0xB
ACCESS_DENIED_CALLBACK_OBJECT_ACE_TYPE =
0xC
SYSTEM_AUDIT_CALLBACK_ACE_TYPE =
0xD
SYSTEM_ALARM_CALLBACK_ACE_TYPE =
0xE
SYSTEM_AUDIT_CALLBACK_OBJECT_ACE_TYPE =
0xF
SYSTEM_ALARM_CALLBACK_OBJECT_ACE_TYPE =
0x10
SYSTEM_MANDATORY_LABEL_ACE_TYPE =
0x11
ACCESS_MAX_MS_V5_ACE_TYPE =
0x11
OBJECT_INHERIT_ACE =

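ACE_HEADER AceFlags: the inheritance flags (all covered by VALID_INHERIT_FLAGS) and, for system-audit ACEs, the SUCCESSFUL_ACCESS / FAILED_ACCESS flags that select which access attempts are audited.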

0x1
CONTAINER_INHERIT_ACE =
0x2
NO_PROPAGATE_INHERIT_ACE =
0x4
INHERIT_ONLY_ACE =
0x8
INHERITED_ACE =
0x10
VALID_INHERIT_FLAGS =
0x1F
SUCCESSFUL_ACCESS_ACE_FLAG =
0x40
FAILED_ACCESS_ACE_FLAG =
0x80
OWNER_SECURITY_INFORMATION =

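SECURITY_INFORMATION flags (DWORD), combined with bitwise OR to select which parts of a security descriptor are read or written. The PROTECTED_* flags stop the DACL or SACL from inheriting ACEs from the parent object; the UNPROTECTED_* flags allow inheritance again.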

0x01
GROUP_SECURITY_INFORMATION =
0x02
DACL_SECURITY_INFORMATION =
0x04
SACL_SECURITY_INFORMATION =
0x08
LABEL_SECURITY_INFORMATION =
0x10
UNPROTECTED_SACL_SECURITY_INFORMATION =
0x10000000
UNPROTECTED_DACL_SECURITY_INFORMATION =
0x20000000
PROTECTED_SACL_SECURITY_INFORMATION =
0x40000000
PROTECTED_DACL_SECURITY_INFORMATION =
0x80000000
SECURITY_DESCRIPTOR_REVISION =

SECURITY_DESCRIPTOR_REVISION

1
SECURITY_DESCRIPTOR_REVISION1 =
1
SE_OWNER_DEFAULTED =

SECURITY_DESCRIPTOR_CONTROL

0x0001
SE_GROUP_DEFAULTED =
0x0002
SE_DACL_PRESENT =
0x0004
SE_DACL_DEFAULTED =
0x0008
SE_SACL_PRESENT =
0x0010
SE_SACL_DEFAULTED =
0x0020
SE_DACL_AUTO_INHERIT_REQ =
0x0100
SE_SACL_AUTO_INHERIT_REQ =
0x0200
SE_DACL_AUTO_INHERITED =
0x0400
SE_SACL_AUTO_INHERITED =
0x0800
SE_DACL_PROTECTED =
0x1000
SE_SACL_PROTECTED =
0x2000
SE_RM_CONTROL_VALID =
0x4000
SE_SELF_RELATIVE =
0x8000
GENERIC_READ =

ACCESS_RIGHTS_MASK Generic Access Rights

0x80000000
GENERIC_WRITE =
0x40000000
GENERIC_EXECUTE =
0x20000000
GENERIC_ALL =
0x10000000
DELETE =

Standard Access Rights

0x00010000
READ_CONTROL =
0x00020000
WRITE_DAC =
0x00040000
WRITE_OWNER =
0x00080000
SYNCHRONIZE =
0x00100000
STANDARD_RIGHTS_REQUIRED =
0x000F0000
STANDARD_RIGHTS_READ =
READ_CONTROL
STANDARD_RIGHTS_WRITE =
READ_CONTROL
STANDARD_RIGHTS_EXECUTE =
READ_CONTROL
STANDARD_RIGHTS_ALL =
0x001F0000
SPECIFIC_RIGHTS_ALL =
0x0000FFFF
ACCESS_SYSTEM_SECURITY =

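Access System Security right: required to read or set an object's SACL. Windows grants it only to callers that hold the SeSecurityPrivilege privilege, so it is not needed for ordinary owner, group or DACL changes.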

0x01000000
FILE_READ_DATA =

File/Directory Specific Rights

0x0001
FILE_LIST_DIRECTORY =
0x0001
FILE_WRITE_DATA =
0x0002
FILE_ADD_FILE =
0x0002
FILE_APPEND_DATA =
0x0004
FILE_ADD_SUBDIRECTORY =
0x0004
FILE_CREATE_PIPE_INSTANCE =
0x0004
FILE_READ_EA =
0x0008
FILE_WRITE_EA =
0x0010
FILE_EXECUTE =
0x0020
FILE_TRAVERSE =
0x0020
FILE_DELETE_CHILD =
0x0040
FILE_READ_ATTRIBUTES =
0x0080
FILE_WRITE_ATTRIBUTES =
0x0100
FILE_ALL_ACCESS =
STANDARD_RIGHTS_REQUIRED |
SYNCHRONIZE |
0x1FF
FILE_GENERIC_READ =
STANDARD_RIGHTS_READ |
FILE_READ_DATA       |
FILE_READ_ATTRIBUTES |
FILE_READ_EA         |
SYNCHRONIZE
FILE_GENERIC_WRITE =
STANDARD_RIGHTS_WRITE    |
FILE_WRITE_DATA          |
FILE_WRITE_ATTRIBUTES    |
FILE_WRITE_EA            |
FILE_APPEND_DATA         |
SYNCHRONIZE
FILE_GENERIC_EXECUTE =
STANDARD_RIGHTS_EXECUTE  |
FILE_READ_ATTRIBUTES     |
FILE_EXECUTE             |
SYNCHRONIZE
TOKEN_ASSIGN_PRIMARY =

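Access rights for access-token objects (the DesiredAccess argument of OpenProcessToken). Request only the rights an operation needs (for example TOKEN_QUERY to read token information, or TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY to enable a privilege) rather than TOKEN_ALL_ACCESS.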

0x0001
TOKEN_DUPLICATE =
0x0002
TOKEN_IMPERSONATE =
0x0004
TOKEN_QUERY =
0x0008
TOKEN_QUERY_SOURCE =
0x0010
TOKEN_ADJUST_PRIVILEGES =
0x0020
TOKEN_ADJUST_GROUPS =
0x0040
TOKEN_ADJUST_DEFAULT =
0x0080
TOKEN_ADJUST_SESSIONID =
0x0100
TOKEN_READ =
(STANDARD_RIGHTS_READ | TOKEN_QUERY)
TOKEN_ALL_ACCESS =
(STANDARD_RIGHTS_REQUIRED | TOKEN_ASSIGN_PRIMARY |
TOKEN_DUPLICATE | TOKEN_IMPERSONATE | TOKEN_QUERY | TOKEN_QUERY_SOURCE |
TOKEN_ADJUST_PRIVILEGES | TOKEN_ADJUST_GROUPS | TOKEN_ADJUST_DEFAULT |
TOKEN_ADJUST_SESSIONID)
SE_PRIVILEGE_ENABLED_BY_DEFAULT =

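Privilege attribute flags for the LUID_AND_ATTRIBUTES entries passed to AdjustTokenPrivileges. The call can report success without applying every requested change, so callers should check the last error for ERROR_NOT_ALL_ASSIGNED before relying on a privilege being enabled.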

0x00000001
SE_PRIVILEGE_ENABLED =
0x00000002
SE_PRIVILEGE_REMOVED =
0X00000004
SE_PRIVILEGE_USED_FOR_ACCESS =
0x80000000
SE_PRIVILEGE_VALID_ATTRIBUTES =
SE_PRIVILEGE_ENABLED_BY_DEFAULT |
SE_PRIVILEGE_ENABLED            |
SE_PRIVILEGE_REMOVED            |
SE_PRIVILEGE_USED_FOR_ACCESS
SECURITY_DESCRIPTOR_MIN_LENGTH =

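Minimum size of a SECURITY_DESCRIPTOR, in bytes. TODO: this is platform dependent. Make it work on 64 bit. The value 20 matches the absolute-format structure on 32-bit Windows (and the self-relative header); on 64-bit Windows the absolute-format structure holds four 8-byte pointers and is 40 bytes, so a buffer sized from this constant is too small for an absolute-format descriptor there.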

20
ACL_REVISION =

ACL revisions

2
ACL_REVISION_DS =
4
ACL_REVISION1 =
1
ACL_REVISION2 =
2
ACL_REVISION3 =
3
ACL_REVISION4 =
4
MIN_ACL_REVISION =
ACL_REVISION2
MAX_ACL_REVISION =
ACL_REVISION4
MAXDWORD =
0xffffffff
SE_OBJECT_TYPE =

Win32 API Bindings

# Object kinds a security descriptor can belong to, mirroring the Win32
# SE_OBJECT_TYPE enumeration. No explicit value is given, so the symbols are
# numbered by position starting at 0 (:SE_UNKNOWN_OBJECT_TYPE = 0,
# :SE_FILE_OBJECT = 1, ...). Inserting or reordering an entry changes the
# integer sent to the native API for every symbol after it.
enum :SE_OBJECT_TYPE, [
     :SE_UNKNOWN_OBJECT_TYPE,
     :SE_FILE_OBJECT,
     :SE_SERVICE,
     :SE_PRINTER,
     :SE_REGISTRY_KEY,
     :SE_LMSHARE,
     :SE_KERNEL_OBJECT,
     :SE_WINDOW_OBJECT,
     :SE_DS_OBJECT,
     :SE_DS_OBJECT_ALL,
     :SE_PROVIDER_DEFINED_OBJECT,
     :SE_WMIGUID_OBJECT,
     :SE_REGISTRY_WOW64_32KEY
]
SID_NAME_USE =
# Kind of account a SID refers to, mirroring the Win32 SID_NAME_USE
# enumeration. The explicit 1 after :SidTypeUser starts the numbering at 1;
# the remaining symbols take consecutive values by position, so the order
# must stay in step with the Windows definition.
enum :SID_NAME_USE, [
     :SidTypeUser, 1,
     :SidTypeGroup,
     :SidTypeDomain,
     :SidTypeAlias,
     :SidTypeWellKnownGroup,
     :SidTypeDeletedAccount,
     :SidTypeInvalid,
     :SidTypeUnknown,
     :SidTypeComputer,
     :SidTypeLabel
]
TOKEN_INFORMATION_CLASS =
# Selector for which piece of access-token information is requested or set,
# mirroring the Win32 TOKEN_INFORMATION_CLASS enumeration. Numbering starts
# at 1 (:TokenUser) and continues by position, so :TokenElevation is 20 and
# :TokenIntegrityLevel is 25. An entry added or moved in the middle silently
# shifts every later value, so a caller would then query a different token
# attribute than the symbol names.
# NOTE(review): the functions that consume this enum are not visible on this
# page; presumably GetTokenInformation. Confirm against the bindings.
enum :TOKEN_INFORMATION_CLASS, [
     :TokenUser, 1,
     :TokenGroups,
     :TokenPrivileges,
     :TokenOwner,
     :TokenPrimaryGroup,
     :TokenDefaultDacl,
     :TokenSource,
     :TokenType,
     :TokenImpersonationLevel,
     :TokenStatistics,
     :TokenRestrictedSids,
     :TokenSessionId,
     :TokenGroupsAndPrivileges,
     :TokenSessionReference,
     :TokenSandBoxInert,
     :TokenAuditPolicy,
     :TokenOrigin,
     :TokenElevationType,
     :TokenLinkedToken,
     :TokenElevation,
     :TokenHasRestrictions,
     :TokenAccessInformation,
     :TokenVirtualizationAllowed,
     :TokenVirtualizationEnabled,
     :TokenIntegrityLevel,
     :TokenUIAccess,
     :TokenMandatoryPolicy,
     :TokenLogonSid,
     :TokenIsAppContainer,
     :TokenCapabilities,
     :TokenAppContainerSid,
     :TokenAppContainerNumber,
     :TokenUserClaimAttributes,
     :TokenDeviceClaimAttributes,
     :TokenRestrictedUserClaimAttributes,
     :TokenRestrictedDeviceClaimAttributes,
     :TokenDeviceGroups,
     :TokenRestrictedDeviceGroups,
     :TokenSecurityAttributes,
     :TokenIsRestricted,
     :MaxTokenInfoClass
]