Class: Chef::ReservedNames::Win32::Security::SecurableObject

Inherits:
Object
  • Object
Defined in:
lib/chef/win32/security/securable_object.rb

Constant Summary collapse

SecurityConst =
Chef::ReservedNames::Win32::API::Security

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(path, type = :SE_FILE_OBJECT) ⇒ SecurableObject

Returns a new instance of SecurableObject.



# File 'lib/chef/win32/security/securable_object.rb', line 28

# Binds the wrapper to one named securable object.
#
# Both arguments are stored exactly as given; nothing is validated or
# resolved here.
#
# @param path [Object] name of the object the other methods operate on
# @param type [Symbol] object type tag forwarded to the Security helpers
def initialize(path, type = :SE_FILE_OBJECT)
  @type = type
  @path = path
end

Instance Attribute Details

#path ⇒ Object (readonly)

Returns the value of attribute path.



# File 'lib/chef/win32/security/securable_object.rb', line 33

# Name of the securable object, exactly as it was passed to the constructor.
# The getters and setters of this class hand this value to the Security
# helpers on every call.
#
# @return [Object] the stored @path
def path
  @path
end

#type ⇒ Object (readonly)

Returns the value of attribute type.



# File 'lib/chef/win32/security/securable_object.rb', line 34

# Object type tag given to the constructor (:SE_FILE_OBJECT unless another
# value was passed). predict_rights_mask only accepts :SE_FILE_OBJECT.
#
# @return [Symbol] the stored @type
def type
  @type
end

Instance Method Details

#dacl=(val) ⇒ Object



# File 'lib/chef/win32/security/securable_object.rb', line 73

# Writes a new DACL to the object named by #path.
#
# No privilege is requested around the call, so it runs with whatever
# rights the current token already has. Inheritance is not touched here;
# set_dacl sets the DACL and its inheritance flag in one call.
#
# @param val [Object] the DACL, forwarded unchanged as the :dacl option
# @return [Object] whatever Security.set_named_security_info returns
def dacl=(val)
  changes = { dacl: val }
  Security.set_named_security_info(path, type, **changes)
end

#group=(val) ⇒ Object



# File 'lib/chef/win32/security/securable_object.rb', line 84

# Writes a new primary group to the object named by #path.
#
# Unlike owner=, no privilege is requested around the call.
#
# @param val [Object] the group, forwarded unchanged as the :group option
# @return [Object] whatever Security.set_named_security_info returns
def group=(val)
  changes = { group: val }
  Security.set_named_security_info(path, type, **changes)
end

#owner=(val) ⇒ Object



# File 'lib/chef/win32/security/securable_object.rb', line 88

# Writes a new owner to the object named by #path.
#
# The write runs inside Security.with_privileges, which is asked for
# SeTakeOwnershipPrivilege and SeRestorePrivilege.
# NOTE(review): with_privileges is defined elsewhere; presumably the
# privileges are held only for the duration of the block and released if
# the block raises. Confirm.
# NOTE(review): the object is addressed by name, so the name is resolved
# when the call is made. Callers running with these privileges should
# confirm the path cannot be re-pointed by a less privileged user.
#
# @param val [Object] the owner, forwarded unchanged as the :owner option
# @return [Object] whatever Security.with_privileges returns
def owner=(val)
  # TODO to fix serious permissions problems, we may need to enable SeBackupPrivilege.  But we might need it (almost) everywhere else, too.
  required = %w{SeTakeOwnershipPrivilege SeRestorePrivilege}
  Security.with_privileges(*required) do
    Security.set_named_security_info(path, type, owner: val)
  end
end

#predict_rights_mask(generic_mask) ⇒ Object

This method predicts what the rights mask would be on an object if you created an ACE with the given mask. Specifically, it looks for generic attributes like GENERIC_READ, and figures out what specific attributes will be set. This is important if you want to try to compare an existing ACE with one you want to create.



# File 'lib/chef/win32/security/securable_object.rb', line 43

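# Predicts the rights mask an ACE would carry on this object if it were
# created with +generic_mask+, so that an existing ACE can be compared
# with one that is about to be written.
#
# Each GENERIC_* bit that is set is expanded to the matching FILE_* mask,
# then all four GENERIC_* bits are cleared. The STANDARD_RIGHTS_*
# expansion is not applied. A wrong prediction makes the comparison with
# an existing ACE fail, so the mapping below must track what the API
# constants define.
#
# @param generic_mask [Integer] access mask, possibly with GENERIC_* bits
# @return [Integer] the mask with generic bits replaced by specific ones
# @raise [RuntimeError] when #type is anything other than :SE_FILE_OBJECT
def predict_rights_mask(generic_mask)
  api = Chef::ReservedNames::Win32::API::Security

  # Only file objects have a generic-to-specific mapping here. The message
  # now names this method (it used to say predict_security_mask).
  raise "Unimplemented object type for predict_rights_mask: #{type}" unless type == :SE_FILE_OBJECT

  file_rights = [
    [api::GENERIC_READ, api::FILE_GENERIC_READ],
    [api::GENERIC_WRITE, api::FILE_GENERIC_WRITE],
    [api::GENERIC_EXECUTE, api::FILE_GENERIC_EXECUTE],
    [api::GENERIC_ALL, api::FILE_ALL_ACCESS],
  ]

  mask = generic_mask
  file_rights.each do |generic, specific|
    mask |= specific if (mask & generic) != 0
  end

  # Strip the generic bits so only specific rights remain.
  generic_bits = file_rights.map(&:first).reduce(:|)
  mask & ~generic_bits
end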

#sacl=(val) ⇒ Object



# File 'lib/chef/win32/security/securable_object.rb', line 95

# Writes a new SACL (the audit list) to the object named by #path.
#
# The write runs inside Security.with_privileges, which is asked for
# SeSecurityPrivilege.
# NOTE(review): presumably the privilege is held only for the block;
# confirm against with_privileges.
#
# @param val [Object] the SACL, forwarded unchanged as the :sacl option
# @return [Object] whatever Security.with_privileges returns
def sacl=(val)
  changes = { sacl: val }
  Security.with_privileges("SeSecurityPrivilege") do
    Security.set_named_security_info(path, type, **changes)
  end
end

#security_descriptor(include_sacl = false) ⇒ Object



# File 'lib/chef/win32/security/securable_object.rb', line 61

# Reads the security descriptor of the object named by #path.
#
# Owner, group and DACL are always requested. The SACL is requested only
# when +include_sacl+ is truthy, and only then is the read wrapped in
# Security.with_privileges("SeSecurityPrivilege"), so a plain read does
# not ask for that privilege.
#
# @param include_sacl [Boolean] also request the SACL
# @return [Object] whatever Security.get_named_security_info returns
def security_descriptor(include_sacl = false)
  api = Chef::ReservedNames::Win32::API::Security
  wanted = api::OWNER_SECURITY_INFORMATION | api::GROUP_SECURITY_INFORMATION | api::DACL_SECURITY_INFORMATION
  return Security.get_named_security_info(path, type, wanted) unless include_sacl

  wanted |= api::SACL_SECURITY_INFORMATION
  Security.with_privileges("SeSecurityPrivilege") do
    Security.get_named_security_info(path, type, wanted)
  end
end

#set_dacl(dacl, dacl_inherits) ⇒ Object

You don’t set dacl_inherits without also setting dacl, because Windows gets angry and denies you access. So if you want to do that, you may as well do both at once.



# File 'lib/chef/win32/security/securable_object.rb', line 80

# Writes the DACL and its inheritance flag to the object named by #path
# in a single call. The two are set together because setting
# dacl_inherits without also setting dacl is denied by Windows.
#
# No privilege is requested around the call.
#
# @param dacl [Object] the DACL, forwarded as the :dacl option
# @param dacl_inherits [Object] forwarded as the :dacl_inherits option
# @return [Object] whatever Security.set_named_security_info returns
def set_dacl(dacl, dacl_inherits)
  changes = { dacl: dacl, dacl_inherits: dacl_inherits }
  Security.set_named_security_info(path, type, **changes)
end

#set_sacl(sacl, sacl_inherits) ⇒ Object



# File 'lib/chef/win32/security/securable_object.rb', line 101

# Writes the SACL and its inheritance flag to the object named by #path
# in a single call, mirroring set_dacl.
#
# The write runs inside Security.with_privileges, which is asked for
# SeSecurityPrivilege.
# NOTE(review): presumably the privilege is held only for the block;
# confirm against with_privileges.
#
# @param sacl [Object] the SACL, forwarded as the :sacl option
# @param sacl_inherits [Object] forwarded as the :sacl_inherits option
# @return [Object] whatever Security.with_privileges returns
def set_sacl(sacl, sacl_inherits)
  changes = { sacl: sacl, sacl_inherits: sacl_inherits }
  Security.with_privileges("SeSecurityPrivilege") do
    Security.set_named_security_info(path, type, **changes)
  end
end