Class: Puppet::Util::Windows::AccessControlEntry Private

Inherits:

Object

• Object
• Puppet::Util::Windows::AccessControlEntry

Includes:

SID

Defined in:

lib/puppet/util/windows/access_control_entry.rb

Overview

This class is part of a private API. You should avoid using this class if possible, as it may be removed or be changed in the future.

Windows Access Control Entry

Represents an access control entry, which grants or denies a subject, identified by a SID, rights to a securable object.

See Also:

• https://msdn.microsoft.com/en-us/library/windows/desktop/aa374868(v=vs.85).aspx

Constant Summary

OBJECT_INHERIT_ACE =

This constant is part of a private API. You should avoid using this constant if possible, as it may be removed or be changed in the future.

0x1

CONTAINER_INHERIT_ACE =

This constant is part of a private API. You should avoid using this constant if possible, as it may be removed or be changed in the future.

0x2

NO_PROPAGATE_INHERIT_ACE =

This constant is part of a private API. You should avoid using this constant if possible, as it may be removed or be changed in the future.

0x4

INHERIT_ONLY_ACE =

This constant is part of a private API. You should avoid using this constant if possible, as it may be removed or be changed in the future.

0x8

INHERITED_ACE =

This constant is part of a private API. You should avoid using this constant if possible, as it may be removed or be changed in the future.

0x10

ACCESS_ALLOWED_ACE_TYPE =

This constant is part of a private API. You should avoid using this constant if possible, as it may be removed or be changed in the future.

0x0

ACCESS_DENIED_ACE_TYPE =

This constant is part of a private API. You should avoid using this constant if possible, as it may be removed or be changed in the future.

0x1

Constants included from SID

SID::AccountOperators, SID::Anonymous, SID::AuthenticatedUsers, SID::BackupOperators, SID::Batch, SID::BuiltinAdministrators, SID::BuiltinUsers, SID::Creator, SID::CreatorGroup, SID::CreatorGroupServer, SID::CreatorOwner, SID::CreatorOwnerServer, SID::Dialup, SID::ERROR_INVALID_SID_STRUCTURE, SID::ERROR_NONE_MAPPED, SID::EnterpriseDomainControllers, SID::Everyone, SID::Guests, SID::Interactive, SID::Local, SID::LocalSystem, SID::MAXIMUM_SID_STRING_LENGTH, SID::Network, SID::Nobody, SID::NonUnique, SID::Nt, SID::NtLocal, SID::NtNetwork, SID::Null, SID::PowerUsers, SID::PrincipalSelf, SID::PrintOperators, SID::Proxy, SID::Replicators, SID::RestrictedCode, SID::ServerOperators, SID::Service, SID::TerminalServerUsers, SID::World

Instance Attribute Summary

• #flags ⇒ Object readonly private
• #mask ⇒ Object readonly private
• #sid ⇒ Object private
• #type ⇒ Object readonly private

Instance Method Summary

• #==(other) ⇒ Object (also: #eql?) private

  Returns true if this ACE is equal to other.

• #container_inherit? ⇒ Boolean private

  Returns true if this ACE applies to child directories.

• #inherit_only? ⇒ Boolean private

  Returns true if this ACE only applies to children of the object.

• #inherited? ⇒ Boolean private

  Returns true if this ACE is inherited from a parent.

• #initialize(sid, mask, flags = 0, type = ACCESS_ALLOWED_ACE_TYPE) ⇒ AccessControlEntry constructor private

  A new instance of AccessControlEntry.

• #inspect ⇒ Object private
• #object_inherit? ⇒ Boolean private

  Returns true if this ACE applies to child files.

Methods included from SID

ads_to_principal, get_length_sid, name_to_principal, name_to_sid, octet_string_to_principal, octet_string_to_sid_string, sid_ptr_to_string, sid_to_name, string_to_sid_ptr, unresolved_principal, valid_sid?

Methods included from FFI::Library

#attach_function_private

Constructor Details

#initialize(sid, mask, flags = 0, type = ACCESS_ALLOWED_ACE_TYPE) ⇒ AccessControlEntry

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Returns a new instance of AccessControlEntry.

# File 'lib/puppet/util/windows/access_control_entry.rb', line 24

def initialize(sid, mask, flags = 0, type = ACCESS_ALLOWED_ACE_TYPE)
  @sid = sid
  @mask = mask
  @flags = flags
  @type = type
end

Instance Attribute Details

#flags ⇒ Object (readonly)

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

# File 'lib/puppet/util/windows/access_control_entry.rb', line 13

def flags
  @flags
end

#mask ⇒ Object (readonly)

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

# File 'lib/puppet/util/windows/access_control_entry.rb', line 13

def mask
  @mask
end

#sid ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

# File 'lib/puppet/util/windows/access_control_entry.rb', line 12

def sid
  @sid
end

#type ⇒ Object (readonly)

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

# File 'lib/puppet/util/windows/access_control_entry.rb', line 13

def type
  @type
end

Instance Method Details

#==(other) ⇒ Object Also known as: eql?

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Returns true if this ACE is equal to other

# File 'lib/puppet/util/windows/access_control_entry.rb', line 75

def ==(other)
  self.class == other.class &&
    sid == other.sid &&
    mask == other.mask &&
    flags == other.flags &&
    type == other.type
end

#container_inherit? ⇒ Boolean

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Returns true if this ACE applies to child directories.

Returns:

• (Boolean) —

  true if the ACE applies to child directories

# File 'lib/puppet/util/windows/access_control_entry.rb', line 51

def container_inherit?
  (@flags & CONTAINER_INHERIT_ACE) == CONTAINER_INHERIT_ACE
end

#inherit_only? ⇒ Boolean

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Returns true if this ACE only applies to children of the object. If false, it applies to the object.

not the object itself.

Returns:

• (Boolean) —

  true if the ACE only applies to children and

# File 'lib/puppet/util/windows/access_control_entry.rb', line 44

def inherit_only?
  (@flags & INHERIT_ONLY_ACE) == INHERIT_ONLY_ACE
end

#inherited? ⇒ Boolean

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Returns true if this ACE is inherited from a parent. If false, then the ACE is set directly on the object to which it refers.

Returns:

• (Boolean) —

  true if the ACE is inherited

# File 'lib/puppet/util/windows/access_control_entry.rb', line 35

def inherited?
  (@flags & INHERITED_ACE) == INHERITED_ACE
end

#inspect ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

# File 'lib/puppet/util/windows/access_control_entry.rb', line 62

def inspect
  inheritance = ""
  inheritance << '(I)' if inherited?
  inheritance << '(OI)' if object_inherit?
  inheritance << '(CI)' if container_inherit?
  inheritance << '(IO)' if inherit_only?

  left = "#{sid_to_name(sid)}:#{inheritance}"
  left = left.ljust(45)
  "#{left} 0x#{mask.to_s(16)}"
end

#object_inherit? ⇒ Boolean

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Returns true if this ACE applies to child files.

Returns:

• (Boolean) —

  true if the ACE applies to child files.

# File 'lib/puppet/util/windows/access_control_entry.rb', line 58

def object_inherit?
  (@flags & OBJECT_INHERIT_ACE) == OBJECT_INHERIT_ACE
end